Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-25182
HistoryMar 18, 2022 - 6:15 p.m.

CVE-2020-25182

2022-03-1818:15:09
CWE-427
[email protected]
web.nvd.nist.gov
39
rockwell automation
isagraf runtime
vulnerability
dll
dynamic libraries
cve-2020-25182
nvd
microsoft windows

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.6%

JSON

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

Affected configurations

NVD
Node
schneider-electriceasergy_t300_firmwareRange≀2.7.1
AND
schneider-electriceasergy_t300Match-
Node
schneider-electriceasergy_c5_firmwareRange<1.1.0
AND
schneider-electriceasergy_c5Match-
Node
schneider-electricmicom_c264_firmwareRange<d6.1
AND
schneider-electricmicom_c264Match-
Node
schneider-electricpacis_gtw_firmwareMatch5.1windows
OR
schneider-electricpacis_gtw_firmwareMatch5.2windows
OR
schneider-electricpacis_gtw_firmwareMatch6.1windows
OR
schneider-electricpacis_gtw_firmwareMatch6.3linux
OR
schneider-electricpacis_gtw_firmwareMatch6.3windows
AND
schneider-electricpacis_gtwMatch-
Node
schneider-electricsaitel_dp_firmwareRange≀11.06.21
AND
schneider-electricsaitel_dpMatch-
Node
schneider-electricepas_gtw_firmwareMatch6.4linux
OR
schneider-electricepas_gtw_firmwareMatch6.4windows
AND
schneider-electricepas_gtwMatch-
Node
schneider-electricsaitel_dr_firmwareRange≀11.06.12
AND
schneider-electricsaitel_drMatch-
Node
schneider-electricscd2200_firmwareRange≀10024
AND
schneider-electriccp-3Match-
OR
schneider-electricmc-31Match-
Node
rockwellautomationaadvance_controllerRange≀1.40
OR
rockwellautomationisagraf_free_runtimeRange≀6.6.8isagraf6_workbench
Node
rockwellautomationmicro810_firmwareMatch-
AND
rockwellautomationmicro810Match-
Node
rockwellautomationmicro820_firmwareMatch-
AND
rockwellautomationmicro820Match-
Node
rockwellautomationmicro830_firmwareMatch-
AND
rockwellautomationmicro830Match-
Node
rockwellautomationmicro850_firmwareMatch-
AND
rockwellautomationmicro850Match-
Node
rockwellautomationmicro870_firmwareMatch-
AND
rockwellautomationmicro870Match-
Node
xylemmultismart_firmwareRange<3.2.0
Node
rockwellautomationisagraf_runtimeRange5.0–6.0windows

CNA Affected

[
  {
    "product": "ISaGRAF Runtime",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "4.x"
      },
      {
        "status": "affected",
        "version": "5.x"
      }
    ]
  }
]

Related

prion 1
nessus 2
nvd 1
cvelist 1
ics 1
prion
prion
Code injection
2022-03-18 18:15:00
nessus
nessus
Schneider Electric Uncontrolled Search Path Element in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25182)
2022-04-28 00:00:00
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element (CVE-2020-25182)
2022-04-28 00:00:00
nvd
nvd
CVE-2020-25182
2022-03-18 18:15:09
cvelist
cvelist
CVE-2020-25182 Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element
2022-03-18 18:00:30
ics
ics
Rockwell Automation ISaGRAF5 Runtime (Update A)
2021-06-17 12:00:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.6%

JSON
Related for CVE-2020-25182
prion1nessus2nvd1cvelist1ics1