Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0013
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Schneider Electric | N/A | Easergy Studio versions antérieures à v9.3.5 | ||
Schneider Electric | N/A | Magelis XBT | ||
Schneider Electric | N/A | Modicon M580 versions antérieures à sv4.20 | ||
Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à v16.0 | ||
Schneider Electric | N/A | Harmony/Magelis HMISCU versions antérieures à 6.3.1 | ||
Schneider Electric | N/A | contrôleurs PacDrive sans le dernier correctif de sécurité | ||
Schneider Electric | N/A | PowerLogic T300, MiCOM C264 D7.21 (et ultérieures) ou Easergy C5 1.1.6 (et ultérieures), PACiS GTW et EPAS GTW sans les dernières mesures de contournement | ||
Schneider Electric | N/A | contrôleurs Modicon M241, M251 et M262, HMISCU et EcoStruxure Machine Expert sans les derniers correctifs de sécurité et mesures de contournement |
References
Title | Publication Time | Tags | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Easergy Studio versions ant\u00e9rieures \u00e0 v9.3.5", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Magelis XBT", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Modicon M580 versions ant\u00e9rieures \u00e0 sv4.20", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 v16.0", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "Harmony/Magelis HMISCU versions ant\u00e9rieures \u00e0 6.3.1", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "contr\u00f4leurs PacDrive sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "PowerLogic T300, MiCOM C264 D7.21 (et ult\u00e9rieures) ou Easergy C5 1.1.6 (et ult\u00e9rieures), PACiS GTW et EPAS GTW sans les derni\u00e8res mesures de contournement", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } }, { "description": "contr\u00f4leurs Modicon M241, M251 et M262, HMISCU et EcoStruxure Machine Expert sans les derniers correctifs de s\u00e9curit\u00e9 et mesures de contournement", "product": { "name": "N/A", "vendor": { "name": "Schneider Electric", "scada": true } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-4046", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4046" }, { "name": "CVE-2023-7032", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7032" }, { "name": "CVE-2023-27976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27976" }, { "name": "CVE-2023-1548", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1548" }, { "name": "CVE-2020-25176", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25176" }, { "name": "CVE-2020-25178", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25178" }, { "name": "CVE-2023-28355", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28355" }, { "name": "CVE-2022-4224", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4224" }, { "name": "CVE-2020-25180", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25180" }, { "name": "CVE-2019-6833", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6833" }, { "name": "CVE-2020-25184", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25184" }, { "name": "CVE-2020-25182", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25182" } ], "initial_release_date": "2024-01-09T00:00:00", "last_revision_date": "2024-01-09T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0013", "revisions": [ { "description": "Version initiale", "revision_date": "2024-01-09T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-225-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=sevd-2019-225-01.json" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2024-009-02 du 09 janvier 2024", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-009-02.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-06 du 10 janvier 2023", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-01.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 11 juillet 2023", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-192-04.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-04 du 10 janvier 2023", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-159-04 du 08 juin 2021", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf" } ] }
CVE-2019-6833 (GCVE-0-2019-6833)
Vulnerability from cvelistv5
Published
2019-09-17 19:36
Modified
2025-09-30 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - – Improper Check for Unusual or Exceptional Conditions
Summary
A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel.
References
URL | Tags | |||||||
---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Schneider Electric SE | Magelis HMI Panels |
Version: all versions of HMIGTO Version: all versions of HMISTO Version: all versions of XBTGH Version: all versions of HMIGTU Version: all versions of HMIGTUX Version: all versions of HMISCU Version: all versions of HMISTU Version: all versions of XBTGT Version: all versions of HMIGXO Version: all versions of HMIGXU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:31:04.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.cse.iitk.ac.in/responsible-disclosure" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2019-6833", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-09-30T14:36:06.892056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-09-30T14:36:19.669Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Magelis HMI Panels", "vendor": "Schneider Electric SE", "versions": [ { "status": "affected", "version": "all versions of HMIGTO" }, { "status": "affected", "version": "all versions of HMISTO" }, { "status": "affected", "version": "all versions of XBTGH" }, { "status": "affected", "version": "all versions of HMIGTU" }, { "status": "affected", "version": "all versions of HMIGTUX" }, { "status": "affected", "version": "all versions of HMISCU" }, { "status": "affected", "version": "all versions of HMISTU" }, { "status": "affected", "version": "all versions of XBTGT" }, { "status": "affected", "version": "all versions of HMIGXO" }, { "status": "affected", "version": "all versions of HMIGXU" } ] } ], "descriptions": [ { "lang": "en", "value": "A CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-02T12:13:24.000Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.cse.iitk.ac.in/responsible-disclosure" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2019-6833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Magelis HMI Panels", "version": { "version_data": [ { "version_value": "all versions of HMIGTO" }, { "version_value": "all versions of HMISTO" }, { "version_value": "all versions of XBTGH" }, { "version_value": "all versions of HMIGTU" }, { "version_value": "all versions of HMIGTUX" }, { "version_value": "all versions of HMISCU" }, { "version_value": "all versions of HMISTU" }, { "version_value": "all versions of XBTGT" }, { "version_value": "all versions of XBTGT" }, { "version_value": "all versions of HMIGXO" }, { "version_value": "all versions of HMIGXU" } ] } } ] }, "vendor_name": "Schneider Electric SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-754 \u2013 Improper Check for Unusual or Exceptional Conditions" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-225-01" }, { "name": "https://security.cse.iitk.ac.in/responsible-disclosure", "refsource": "MISC", "url": "https://security.cse.iitk.ac.in/responsible-disclosure" } ] } } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2019-6833", "datePublished": "2019-09-17T19:36:57.000Z", "dateReserved": "2019-01-25T00:00:00.000Z", "dateUpdated": "2025-09-30T14:36:19.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-1548 (GCVE-0-2023-1548)
Vulnerability from cvelistv5
Published
2023-04-18 16:42
Modified
2025-02-05 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to
perform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products: EcoStruxure Control Expert (V15.1 and above)
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Schneider Electric | EcoStruxure Control Expert |
Version: V15.1 and above |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:49:11.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-1548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T21:14:14.526696Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-05T21:14:31.860Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V15.1 and above" } ] } ], "datePublic": "2023-04-11T16:26:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nA CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to\nperform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products:\u0026nbsp;EcoStruxure Control Expert (V15.1 and above)" } ], "value": "\nA CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to\nperform a denial of service through the console server service that is part of EcoStruxure Control Expert. Affected Products:\u00a0EcoStruxure Control Expert (V15.1 and above)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:14:16.623Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-1548", "datePublished": "2023-04-18T16:42:18.451Z", "dateReserved": "2023-03-21T13:01:16.404Z", "dateUpdated": "2025-02-05T21:14:31.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-7032 (GCVE-0-2023-7032)
Vulnerability from cvelistv5
Published
2024-01-09 19:30
Modified
2024-11-14 15:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker
logged in with a user level account to gain higher privileges by providing a harmful serialized
object.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Schneider Electric | Easergy Studio |
Version: All < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:50:07.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-009-02.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-7032", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-20T05:00:32.605811Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T15:09:02.901Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Easergy Studio", "vendor": "Schneider Electric", "versions": [ { "lessThanOrEqual": "\u003c=9.3.5", "status": "affected", "version": "All ", "versionType": "custom" } ] } ], "datePublic": "2024-01-09T08:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker\nlogged in with a user level account to gain higher privileges by providing a harmful serialized\nobject.\n\n" } ], "value": "\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker\nlogged in with a user level account to gain higher privileges by providing a harmful serialized\nobject.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T19:30:19.835Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-009-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-009-02.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-7032", "datePublished": "2024-01-09T19:30:19.835Z", "dateReserved": "2023-12-20T22:29:58.270Z", "dateUpdated": "2024-11-14T15:09:02.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25180 (GCVE-0-2020-25180)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-04-16 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | ISaGRAF Runtime |
Version: 4.x Version: 5.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25180", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:55:32.683113Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:41:46.019Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ISaGRAF Runtime", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "4.x" }, { "status": "affected", "version": "5.x" } ] } ], "credits": [ { "lang": "en", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-18T18:00:33.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" }, "title": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25180", "STATE": "PUBLIC", "TITLE": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISaGRAF Runtime", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.x" }, { "version_affected": "=", "version_value": "5.x" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-321 Use of Hard-coded Cryptographic Key" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04", "refsource": "CONFIRM", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25180", "datePublished": "2022-03-18T18:00:33.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T16:41:46.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25182 (GCVE-0-2020-25182)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-04-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-427 - Uncontrolled Search Path Element
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | ISaGRAF Runtime |
Version: 4.x Version: 5.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25182", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:58.796672Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:59:44.664Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ISaGRAF Runtime", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "4.x" }, { "status": "affected", "version": "5.x" } ] } ], "credits": [ { "lang": "en", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-18T18:00:30.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" }, "title": "Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25182", "STATE": "PUBLIC", "TITLE": "Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISaGRAF Runtime", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.x" }, { "version_affected": "=", "version_value": "5.x" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-427 Uncontrolled Search Path Element" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04", "refsource": "CONFIRM", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25182", "datePublished": "2022-03-18T18:00:30.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T17:59:44.664Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25178 (GCVE-0-2020-25178)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-04-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | ISaGRAF Runtime |
Version: 4.x Version: 5.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25178", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:31:01.981533Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:59:55.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ISaGRAF Runtime", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "4.x" }, { "status": "affected", "version": "5.x" } ] } ], "credits": [ { "lang": "en", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-18T18:00:30.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" }, "title": "Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25178", "STATE": "PUBLIC", "TITLE": "Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISaGRAF Runtime", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.x" }, { "version_affected": "=", "version_value": "5.x" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-319 Cleartext Transmission of Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04", "refsource": "CONFIRM", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25178", "datePublished": "2022-03-18T18:00:30.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T17:59:55.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4224 (GCVE-0-2022-4224)
Vulnerability from cvelistv5
Published
2023-03-23 11:15
Modified
2024-08-03 01:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Summary
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
References
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CODESYS | Control RTE (SL) |
Version: 3.0.0.0 < 3.5.19.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download=" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Control RTE (SL) ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control Win (SL)", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Runtime Toolkit ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Safety SIL2 Runtime Toolkit", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Safety SIL2 PSP", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "HMI (SL) ", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Development System V3", "vendor": "CODESYS", "versions": [ { "lessThan": "3.5.19.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for BeagleBone SL ", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Linux SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": " Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "lessThan": "4.8.0.0", "status": "affected", "version": "3.0.0.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Franklin Zhao from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Reid Wightman of Dragos" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u0026nbsp;could utilize this vulnerability to read and modify system files and OS resources or DoS the device." } ], "value": "In multiple products of CODESYS v3 in multiple versions a remote low privileged user\u00a0could utilize this vulnerability to read and modify system files and OS resources or DoS the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-09T10:47:13.144Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17553\u0026token=cf49757d232ea8021f0c0dd6c65e71ea5942b12d\u0026download=" } ], "source": { "defect": [ "CERT@VDE#64318" ], "discovery": "EXTERNAL" }, "title": "CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-4224", "datePublished": "2023-03-23T11:15:37.014Z", "dateReserved": "2022-11-30T06:54:13.183Z", "dateUpdated": "2024-08-03T01:34:49.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25184 (GCVE-0-2020-25184)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-04-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-256 - Unprotected Storage of Credentials
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | ISaGRAF Runtime |
Version: 4.x Version: 5.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:10.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25184", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:53.426611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:59:21.555Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ISaGRAF Runtime", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "4.x" }, { "status": "affected", "version": "5.x" } ] } ], "credits": [ { "lang": "en", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "CWE-256 Unprotected Storage of Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-18T18:00:32.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" }, "title": "Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25184", "STATE": "PUBLIC", "TITLE": "Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISaGRAF Runtime", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.x" }, { "version_affected": "=", "version_value": "5.x" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-256 Unprotected Storage of Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04", "refsource": "CONFIRM", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25184", "datePublished": "2022-03-18T18:00:32.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T17:59:21.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4046 (GCVE-0-2022-4046)
Vulnerability from cvelistv5
Published
2023-08-03 12:39
Modified
2024-10-22 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CODESYS | CODESYS Control for BeagleBone SL |
Version: all |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:27:54.486Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert.vde.com/en/advisories/VDE-2023-025/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-4046", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T19:43:34.142141Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T19:44:02.247Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "CODESYS Control for BeagleBone SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for emPC-A/iMX6 SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for IOT2000 SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for Linux SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for PFC100 SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for PFC200 SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for PLCnext SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for Raspberry Pi SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control for WAGO Touch Panels 600 SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control RTE (for Beckhoff CX) SL", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control RTE (SL)", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control Runtime System Toolkit", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS Control Win (SL)", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] }, { "defaultStatus": "affected", "product": "CODESYS HMI (SL)", "vendor": "CODESYS", "versions": [ { "status": "affected", "version": "all" } ] } ], "datePublic": "2023-08-03T10:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device." } ], "value": "In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-03T12:39:44.002Z", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE" }, "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-025/" } ], "source": { "defect": [ "CERT@VDE#64299" ], "discovery": "EXTERNAL" }, "title": "CODESYS: Improper memory restrictions fro CODESYS Control", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-4046", "datePublished": "2023-08-03T12:39:44.002Z", "dateReserved": "2022-11-17T07:07:09.714Z", "dateUpdated": "2024-10-22T19:44:02.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27976 (GCVE-0-2023-27976)
Vulnerability from cvelistv5
Published
2023-04-18 16:39
Modified
2025-02-05 21:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause
remote code execution when a valid user visits a malicious link provided through the web
endpoints. Affected Products: EcoStruxure Control Expert (V15.1 and above)
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Schneider Electric | EcoStruxure Control Expert |
Version: V15.1 and above |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27976", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T21:02:09.581104Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-05T21:02:29.013Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EcoStruxure Control Expert", "vendor": "Schneider Electric", "versions": [ { "status": "affected", "version": "V15.1 and above" } ] } ], "datePublic": "2023-04-11T16:26:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\nA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause\nremote code execution when a valid user visits a malicious link provided through the web\nendpoints. Affected Products:\u0026nbsp;EcoStruxure Control Expert (V15.1 and above)" } ], "value": "\nA CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause\nremote code execution when a valid user visits a malicious link provided through the web\nendpoints. Affected Products:\u00a0EcoStruxure Control Expert (V15.1 and above)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T03:15:47.214Z", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider" }, "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2023-27976", "datePublished": "2023-04-18T16:39:35.385Z", "dateReserved": "2023-03-09T05:25:56.973Z", "dateUpdated": "2025-02-05T21:02:29.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-25176 (GCVE-0-2020-25176)
Vulnerability from cvelistv5
Published
2022-03-18 18:00
Modified
2025-04-16 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | ISaGRAF Runtime |
Version: 4.x Version: 5.x |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:10.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-25176", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:56.007245Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:59:33.248Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ISaGRAF Runtime", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "4.x" }, { "status": "affected", "version": "5.x" } ] } ], "credits": [ { "lang": "en", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application\u2019s directory, which could lead to remote code execution." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-18T18:00:31.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" }, "title": "Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25176", "STATE": "PUBLIC", "TITLE": "Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ISaGRAF Runtime", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.x" }, { "version_affected": "=", "version_value": "5.x" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Kaspersky reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application\u2019s directory, which could lead to remote code execution." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-23 Relative Path Traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699" }, { "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04", "refsource": "CONFIRM", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04" }, { "name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf", "refsource": "CONFIRM", "url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products." } ], "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25176", "datePublished": "2022-03-18T18:00:31.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T17:59:33.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…