CVE-2020-25182

EPSS 0.02%
Veröffentlicht 18.03.2022 18:15:09
Zuletzt bearbeitet 21.11.2024 05:17:34
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

NVD 22 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Schneider-electric ≫ Easergy T300 Firmware Version <= 2.7.1

Schneider-electric ≫ Easergy T300 Version-

Schneider-electric ≫ Easergy C5 Firmware Version < 1.1.0

Schneider-electric ≫ Easergy C5 Version-

Schneider-electric ≫ Micom C264 Firmware Version < d6.1

Schneider-electric ≫ Micom C264 Version-

Schneider-electric ≫ Pacis Gtw Firmware Version5.1 SwPlatformwindows

Schneider-electric ≫ Pacis Gtw Version-

Schneider-electric ≫ Pacis Gtw Firmware Version5.2 SwPlatformwindows

Schneider-electric ≫ Pacis Gtw Version-

Schneider-electric ≫ Pacis Gtw Firmware Version6.1 SwPlatformwindows

Schneider-electric ≫ Pacis Gtw Version-

Schneider-electric ≫ Pacis Gtw Firmware Version6.3 SwPlatformlinux

Schneider-electric ≫ Pacis Gtw Version-

Schneider-electric ≫ Pacis Gtw Firmware Version6.3 SwPlatformwindows

Schneider-electric ≫ Pacis Gtw Version-

Schneider-electric ≫ Saitel Dp Firmware Version <= 11.06.21

Schneider-electric ≫ Saitel Dp Version-

Schneider-electric ≫ Epas Gtw Firmware Version6.4 SwPlatformlinux

Schneider-electric ≫ Epas Gtw Version-

Schneider-electric ≫ Epas Gtw Firmware Version6.4 SwPlatformwindows

Schneider-electric ≫ Epas Gtw Version-

Schneider-electric ≫ Saitel Dr Firmware Version <= 11.06.12

Schneider-electric ≫ Saitel Dr Version-

Schneider-electric ≫ Scd2200 Firmware Version <= 10024

Schneider-electric ≫ Cp-3 Version-
Schneider-electric ≫ Mc-31 Version-

Rockwellautomation ≫ Aadvance Controller Version <= 1.40

Rockwellautomation ≫ Isagraf Free Runtime SwPlatformisagraf6_workbench Version <= 6.6.8

Rockwellautomation ≫ Micro810 Firmware Version-

Rockwellautomation ≫ Micro810 Version-

Rockwellautomation ≫ Micro820 Firmware Version-

Rockwellautomation ≫ Micro820 Version-

Rockwellautomation ≫ Micro830 Firmware Version-

Rockwellautomation ≫ Micro830 Version-

Rockwellautomation ≫ Micro850 Firmware Version-

Rockwellautomation ≫ Micro850 Version-

Rockwellautomation ≫ Micro870 Firmware Version-

Rockwellautomation ≫ Micro870 Version-

Xylem ≫ Multismart Firmware Version < 3.2.0

Rockwellautomation ≫ Isagraf Runtime SwPlatformwindows Version >= 5.0 < 6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.022

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
ics-cert@hq.dhs.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699

Vendor Advisory

Permissions Required

https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01

Third Party Advisory

US Government Resource

https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25182

CVE Source (NVD)