CVE-2020-25176

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer IXL protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

Remote code execution

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer IXL protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated...

CVE-2020-25176

CVE-2020-25176 affects Rockwell Automation ISaGRAF Runtime (IXL) 4.x–5.x. The vulnerability arises because the filename parameter is not checked for reserved characters, enabling a remote, unauthenticated attacker to traverse directories and potentially achieve remote code execution. Affected com...

PT-2021-7842 · Rockwell Automation · Isagraf Runtime

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x Description: The issue is related to errors in handling relative paths to directories with limited access in the eXchange Layer IXL component of the Rockwell Automation ISaGRAF...