CVE-2020-25178
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
ISaGRAF Workbench es comunicado con Rockwell Automation ISaGRAF Runtime versiones 4.x y 5.x, usando TCP/IP. Este protocolo de comunicación proporciona varias operaciones del sistema de archivos, así como la carga de aplicaciones. Los datos son transferidos a través de este protocolo sin encriptar, lo que podría permitir a un atacante remoto no autenticado cargar, leer y borrar archivos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-04 CVE Reserved
- 2022-03-18 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Schneider-electric Search vendor "Schneider-electric" | Easergy T300 Firmware Search vendor "Schneider-electric" for product "Easergy T300 Firmware" | <= 2.7.1 Search vendor "Schneider-electric" for product "Easergy T300 Firmware" and version " <= 2.7.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Easergy T300 Search vendor "Schneider-electric" for product "Easergy T300" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Easergy C5 Firmware Search vendor "Schneider-electric" for product "Easergy C5 Firmware" | < 1.1.0 Search vendor "Schneider-electric" for product "Easergy C5 Firmware" and version " < 1.1.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Easergy C5 Search vendor "Schneider-electric" for product "Easergy C5" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Micom C264 Firmware Search vendor "Schneider-electric" for product "Micom C264 Firmware" | < d6.1 Search vendor "Schneider-electric" for product "Micom C264 Firmware" and version " < d6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Micom C264 Search vendor "Schneider-electric" for product "Micom C264" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 5.1 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "5.1" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 5.2 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "5.2" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.1 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.1" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.3 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.3" | linux |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.3 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.3" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Saitel Dp Firmware Search vendor "Schneider-electric" for product "Saitel Dp Firmware" | <= 11.06.21 Search vendor "Schneider-electric" for product "Saitel Dp Firmware" and version " <= 11.06.21" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Saitel Dp Search vendor "Schneider-electric" for product "Saitel Dp" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Firmware Search vendor "Schneider-electric" for product "Epas Gtw Firmware" | 6.4 Search vendor "Schneider-electric" for product "Epas Gtw Firmware" and version "6.4" | linux |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Search vendor "Schneider-electric" for product "Epas Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Firmware Search vendor "Schneider-electric" for product "Epas Gtw Firmware" | 6.4 Search vendor "Schneider-electric" for product "Epas Gtw Firmware" and version "6.4" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Search vendor "Schneider-electric" for product "Epas Gtw" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Saitel Dr Firmware Search vendor "Schneider-electric" for product "Saitel Dr Firmware" | <= 11.06.12 Search vendor "Schneider-electric" for product "Saitel Dr Firmware" and version " <= 11.06.12" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Saitel Dr Search vendor "Schneider-electric" for product "Saitel Dr" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Scd2200 Firmware Search vendor "Schneider-electric" for product "Scd2200 Firmware" | <= 10024 Search vendor "Schneider-electric" for product "Scd2200 Firmware" and version " <= 10024" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Cp-3 Search vendor "Schneider-electric" for product "Cp-3" | - | - |
Safe
|
Schneider-electric Search vendor "Schneider-electric" | Scd2200 Firmware Search vendor "Schneider-electric" for product "Scd2200 Firmware" | <= 10024 Search vendor "Schneider-electric" for product "Scd2200 Firmware" and version " <= 10024" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mc-31 Search vendor "Schneider-electric" for product "Mc-31" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micro810 Firmware Search vendor "Rockwellautomation" for product "Micro810 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro810 Search vendor "Rockwellautomation" for product "Micro810" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micro820 Firmware Search vendor "Rockwellautomation" for product "Micro820 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro820 Search vendor "Rockwellautomation" for product "Micro820" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micro830 Firmware Search vendor "Rockwellautomation" for product "Micro830 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro830 Search vendor "Rockwellautomation" for product "Micro830" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micro850 Firmware Search vendor "Rockwellautomation" for product "Micro850 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro850 Search vendor "Rockwellautomation" for product "Micro850" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Micro870 Firmware Search vendor "Rockwellautomation" for product "Micro870 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro870 Search vendor "Rockwellautomation" for product "Micro870" | - | - |
Safe
|
Rockwellautomation Search vendor "Rockwellautomation" | Aadvance Controller Search vendor "Rockwellautomation" for product "Aadvance Controller" | <= 1.40 Search vendor "Rockwellautomation" for product "Aadvance Controller" and version " <= 1.40" | - |
Affected
| ||||||
Rockwellautomation Search vendor "Rockwellautomation" | Isagraf Free Runtime Search vendor "Rockwellautomation" for product "Isagraf Free Runtime" | <= 6.6.8 Search vendor "Rockwellautomation" for product "Isagraf Free Runtime" and version " <= 6.6.8" | isagraf6_workbench |
Affected
| ||||||
Rockwellautomation Search vendor "Rockwellautomation" | Isagraf Runtime Search vendor "Rockwellautomation" for product "Isagraf Runtime" | >= 5.0 < 6.0 Search vendor "Rockwellautomation" for product "Isagraf Runtime" and version " >= 5.0 < 6.0" | - |
Affected
| ||||||
Xylem Search vendor "Xylem" | Multismart Firmware Search vendor "Xylem" for product "Multismart Firmware" | < 3.2.0 Search vendor "Xylem" for product "Multismart Firmware" and version " < 3.2.0" | - |
Affected
|