Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-25180
HistoryMar 18, 2022 - 6:15 p.m.

CVE-2020-25180

2022-03-1818:15:09
CWE-798
CWE-321
[email protected]
web.nvd.nist.gov
34
cve-2020-25180
rockwell automation
isagraf runtime
vulnerability
remote
unauthenticated
password disclosure
information security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

Affected configurations

NVD
Node
schneider-electriceasergy_t300_firmwareRange≀2.7.1
AND
schneider-electriceasergy_t300Match-
Node
schneider-electriceasergy_c5_firmwareRange<1.1.0
AND
schneider-electriceasergy_c5Match-
Node
schneider-electricmicom_c264_firmwareRange<d6.1
AND
schneider-electricmicom_c264Match-
Node
schneider-electricpacis_gtw_firmwareMatch5.1windows
OR
schneider-electricpacis_gtw_firmwareMatch5.2windows
OR
schneider-electricpacis_gtw_firmwareMatch6.1windows
OR
schneider-electricpacis_gtw_firmwareMatch6.3linux
OR
schneider-electricpacis_gtw_firmwareMatch6.3windows
AND
schneider-electricpacis_gtwMatch-
Node
schneider-electricsaitel_dp_firmwareRange≀11.06.21
AND
schneider-electricsaitel_dpMatch-
Node
schneider-electricepas_gtw_firmwareMatch6.4linux
OR
schneider-electricepas_gtw_firmwareMatch6.4windows
AND
schneider-electricepas_gtwMatch-
Node
schneider-electricsaitel_dr_firmwareRange≀11.06.12
AND
schneider-electricsaitel_drMatch-
Node
schneider-electriccp-3Match-
OR
schneider-electricmc-31Match-
AND
schneider-electricscd2200_firmwareRange≀10024
Node
rockwellautomationaadvance_controllerRange≀1.40
OR
rockwellautomationisagraf_free_runtimeRange≀6.6.8isagraf6_workbench
OR
rockwellautomationisagraf_runtimeRange5.0–6.0
Node
rockwellautomationmicro810Match-
AND
rockwellautomationmicro810_firmwareMatch-
Node
rockwellautomationmicro820Match-
AND
rockwellautomationmicro820_firmwareMatch-
Node
rockwellautomationmicro830Match-
AND
rockwellautomationmicro830_firmwareMatch-
Node
rockwellautomationmicro850Match-
AND
rockwellautomationmicro850_firmwareMatch-
Node
rockwellautomationmicro870Match-
AND
rockwellautomationmicro870_firmwareMatch-
Node
xylemmultismart_firmwareRange<3.2.0

CNA Affected

[
  {
    "product": "ISaGRAF Runtime",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "4.x"
      },
      {
        "status": "affected",
        "version": "5.x"
      }
    ]
  }
]

Related

nessus 2
cvelist 1
nvd 1
prion 1
ics 1
nessus
nessus
Rockwell Automation ISaGRAF5 Runtime Use of Hard-Coded Cryptographic Key (CVE-2020-25180)
2022-04-28 00:00:00
Schneider Electric Use of Hard-Coded Cryptographic Key in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25180)
2022-04-28 00:00:00
cvelist
cvelist
CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
2022-03-18 18:00:33
nvd
nvd
CVE-2020-25180
2022-03-18 18:15:09
prion
prion
Design/Logic Flaw
2022-03-18 18:15:00
ics
ics
Rockwell Automation ISaGRAF5 Runtime (Update A)
2021-06-17 12:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON
Related for CVE-2020-25180
nessus2cvelist1nvd1prion1ics1