Design/Logic Flaw

2022-03-1818:15:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

CPENameOperatorVersion
aadvance_controllerle1.40
isagraf_free_runtimele6.6.8
isagraf_runtimege5.0
isagraf_runtimelt6.0
easergy_c5_firmwarelt1.1.0
easergy_t300_firmwarele2.7.1
epas_gtw_firmwareeq6.4
epas_gtw_firmwareeq6.4
micom_c264_firmwareeq< d6.1
pacis_gtw_firmwareeq5.1

Name	Operator	Version
aadvance_controller	le	1.40
isagraf_free_runtime	le	6.6.8
isagraf_runtime	ge	5.0
isagraf_runtime	lt	6.0
easergy_c5_firmware	lt	1.1.0
easergy_t300_firmware	le	2.7.1
epas_gtw_firmware	eq	6.4
epas_gtw_firmware	eq	6.4
micom_c264_firmware	eq	< d6.1
pacis_gtw_firmware	eq	5.1