Information disclosure

2022-03-1818:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

JSON

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.

CPENameOperatorVersion
aadvance_controllerle1.40
isagraf_free_runtimele6.6.8
isagraf_runtimege5.0
isagraf_runtimelt6.0
easergy_c5_firmwarelt1.1.0
easergy_t300_firmwarele2.7.1
epas_gtw_firmwareeq6.4
epas_gtw_firmwareeq6.4
micom_c264_firmwareeq< d6.1
pacis_gtw_firmwareeq5.1

Name	Operator	Version
aadvance_controller	le	1.40
isagraf_free_runtime	le	6.6.8
isagraf_runtime	ge	5.0
isagraf_runtime	lt	6.0
easergy_c5_firmware	lt	1.1.0
easergy_t300_firmware	le	2.7.1
epas_gtw_firmware	eq	6.4
epas_gtw_firmware	eq	6.4
micom_c264_firmware	eq	< d6.1
pacis_gtw_firmware	eq	5.1