CVE-2020-25180
Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Rockwell Automation ISaGRAF Runtime versiones 4.x y 5.x, incluyen la funcionalidad setting a password que es requerida para ejecutar comandos privilegiados. El valor de la contraseña que es pasada a ISaGRAF Runtime es el resultado de la encriptación llevada a cabo con un valor de clave fijo usando el algoritmo de encriptación diminuto (TEA) en una contraseña introducida o guardada. Un atacante remoto, no autenticado, podría pasar su propia contraseña encriptada al ISaGRAF 5 Runtime, lo que podría resultar en una divulgación de información en el dispositivo
*Credits:
Kaspersky reported these vulnerabilities to Rockwell Automation.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-04 CVE Reserved
- 2022-03-18 CVE Published
- 2023-08-29 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 | Third Party Advisory | |
| https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 | 2022-04-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Easergy T300 Firmware Search vendor "Schneider-electric" for product "Easergy T300 Firmware" | <= 2.7.1 Search vendor "Schneider-electric" for product "Easergy T300 Firmware" and version " <= 2.7.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Easergy T300 Search vendor "Schneider-electric" for product "Easergy T300" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easergy C5 Firmware Search vendor "Schneider-electric" for product "Easergy C5 Firmware" | < 1.1.0 Search vendor "Schneider-electric" for product "Easergy C5 Firmware" and version " < 1.1.0" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Easergy C5 Search vendor "Schneider-electric" for product "Easergy C5" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Micom C264 Firmware Search vendor "Schneider-electric" for product "Micom C264 Firmware" | < d6.1 Search vendor "Schneider-electric" for product "Micom C264 Firmware" and version " < d6.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Micom C264 Search vendor "Schneider-electric" for product "Micom C264" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 5.1 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "5.1" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 5.2 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "5.2" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.1 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.1" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.3 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.3" | linux |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Firmware Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" | 6.3 Search vendor "Schneider-electric" for product "Pacis Gtw Firmware" and version "6.3" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Pacis Gtw Search vendor "Schneider-electric" for product "Pacis Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Saitel Dp Firmware Search vendor "Schneider-electric" for product "Saitel Dp Firmware" | <= 11.06.21 Search vendor "Schneider-electric" for product "Saitel Dp Firmware" and version " <= 11.06.21" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Saitel Dp Search vendor "Schneider-electric" for product "Saitel Dp" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Firmware Search vendor "Schneider-electric" for product "Epas Gtw Firmware" | 6.4 Search vendor "Schneider-electric" for product "Epas Gtw Firmware" and version "6.4" | linux |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Search vendor "Schneider-electric" for product "Epas Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Firmware Search vendor "Schneider-electric" for product "Epas Gtw Firmware" | 6.4 Search vendor "Schneider-electric" for product "Epas Gtw Firmware" and version "6.4" | windows |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Epas Gtw Search vendor "Schneider-electric" for product "Epas Gtw" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Saitel Dr Firmware Search vendor "Schneider-electric" for product "Saitel Dr Firmware" | <= 11.06.12 Search vendor "Schneider-electric" for product "Saitel Dr Firmware" and version " <= 11.06.12" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Saitel Dr Search vendor "Schneider-electric" for product "Saitel Dr" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scd2200 Firmware Search vendor "Schneider-electric" for product "Scd2200 Firmware" | <= 10024 Search vendor "Schneider-electric" for product "Scd2200 Firmware" and version " <= 10024" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Cp-3 Search vendor "Schneider-electric" for product "Cp-3" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scd2200 Firmware Search vendor "Schneider-electric" for product "Scd2200 Firmware" | <= 10024 Search vendor "Schneider-electric" for product "Scd2200 Firmware" and version " <= 10024" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Mc-31 Search vendor "Schneider-electric" for product "Mc-31" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Micro810 Firmware Search vendor "Rockwellautomation" for product "Micro810 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro810 Search vendor "Rockwellautomation" for product "Micro810" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Micro820 Firmware Search vendor "Rockwellautomation" for product "Micro820 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro820 Search vendor "Rockwellautomation" for product "Micro820" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Micro830 Firmware Search vendor "Rockwellautomation" for product "Micro830 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro830 Search vendor "Rockwellautomation" for product "Micro830" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Micro850 Firmware Search vendor "Rockwellautomation" for product "Micro850 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro850 Search vendor "Rockwellautomation" for product "Micro850" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Micro870 Firmware Search vendor "Rockwellautomation" for product "Micro870 Firmware" | - | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Micro870 Search vendor "Rockwellautomation" for product "Micro870" | - | - |
Safe
|
| Rockwellautomation Search vendor "Rockwellautomation" | Aadvance Controller Search vendor "Rockwellautomation" for product "Aadvance Controller" | <= 1.40 Search vendor "Rockwellautomation" for product "Aadvance Controller" and version " <= 1.40" | - |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | Isagraf Free Runtime Search vendor "Rockwellautomation" for product "Isagraf Free Runtime" | <= 6.6.8 Search vendor "Rockwellautomation" for product "Isagraf Free Runtime" and version " <= 6.6.8" | isagraf6_workbench |
Affected
| ||||||
| Rockwellautomation Search vendor "Rockwellautomation" | Isagraf Runtime Search vendor "Rockwellautomation" for product "Isagraf Runtime" | >= 5.0 < 6.0 Search vendor "Rockwellautomation" for product "Isagraf Runtime" and version " >= 5.0 < 6.0" | - |
Affected
| ||||||
| Xylem Search vendor "Xylem" | Multismart Firmware Search vendor "Xylem" for product "Multismart Firmware" | < 3.2.0 Search vendor "Xylem" for product "Multismart Firmware" and version " < 3.2.0" | - |
Affected
| ||||||