Code injection

2022-03-1818:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

CPENameOperatorVersion
aadvance_controllerle1.40
isagraf_free_runtimele6.6.8
isagraf_runtimege5.0
isagraf_runtimelt6.0
easergy_c5_firmwarelt1.1.0
easergy_t300_firmwarele2.7.1
epas_gtw_firmwareeq6.4
epas_gtw_firmwareeq6.4
micom_c264_firmwareeq< d6.1
pacis_gtw_firmwareeq5.1

Name	Operator	Version
aadvance_controller	le	1.40
isagraf_free_runtime	le	6.6.8
isagraf_runtime	ge	5.0
isagraf_runtime	lt	6.0
easergy_c5_firmware	lt	1.1.0
easergy_t300_firmware	le	2.7.1
epas_gtw_firmware	eq	6.4
epas_gtw_firmware	eq	6.4
micom_c264_firmware	eq	< d6.1
pacis_gtw_firmware	eq	5.1