← Back

CVE-2020-25176

nvd nist
Published: Mar 18, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

Affected (22)

Schneider Electric
8 products
Easergy T300 Firmware
Easergy C5 Firmware
Micom C264 Firmware
Pacis Gtw Firmware
Saitel Dp Firmware
Epas Gtw Firmware
Saitel Dr Firmware
Scd2200 Firmware
Rockwellautomation
8 products
Aadvance Controller
Isagraf Free Runtime
Isagraf Runtime
Micro810 Firmware
Micro820 Firmware
Micro830 Firmware
Micro850 Firmware
Micro870 Firmware
Xylem
1 product
Multismart Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Easergy T300 Firmware
Up to 2.7.1
Running on/withPlatform Versions
Schneider Electric
Easergy T300
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Easergy C5 Firmware
Before 1.1.0
Running on/withPlatform Versions
Schneider Electric
Easergy C5
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micom C264 Firmware
Before d6.1
Running on/withPlatform Versions
Schneider Electric
Micom C264
All versions
Configuration D
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Pacis Gtw Firmware
Version 5.1
Pacis Gtw Firmware
Version 5.2
Pacis Gtw Firmware
Version 6.1
Pacis Gtw Firmware
Version 6.3
Pacis Gtw Firmware
Version 6.3
Running on/withPlatform Versions
Schneider Electric
Pacis Gtw
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Saitel Dp Firmware
Up to 11.06.21
Running on/withPlatform Versions
Schneider Electric
Saitel Dp
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Epas Gtw Firmware
Version 6.4
Epas Gtw Firmware
Version 6.4
Running on/withPlatform Versions
Schneider Electric
Epas Gtw
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Saitel Dr Firmware
Up to 11.06.12
Running on/withPlatform Versions
Schneider Electric
Saitel Dr
All versions
Configuration H
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Scd2200 Firmware
Up to 10024
Running on/withPlatform Versions
Schneider Electric
Cp 3
All versions
Schneider Electric
Mc 31
All versions
Configuration I
3 vulnerable
Vulnerable SoftwareAffected Versions
Aadvance Controller
Up to 1.40
Isagraf Free Runtime
Up to 6.6.8
Isagraf Runtime
From 5.0 to 6.0
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micro810 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micro810
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micro820 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micro820
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micro830 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micro830
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micro850 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micro850
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Micro870 Firmware
All versions
Running on/withPlatform Versions
Rockwellautomation
Micro870
All versions
Configuration O
1 vulnerable
Vulnerable SoftwareAffected Versions
Multismart Firmware
Before 3.2.0

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (8)

Source: ics-cert@hq.dhs.gov
MitigationVendor Advisory
Source: ics-cert@hq.dhs.gov
Permissions Required
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.