CVE-2020-25180

Published: Mar 18, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

Affected (22)

Products: Schneider Electric: Easergy T300 Firmware, Easergy C5 Firmware, Micom C264 Firmware, Pacis Gtw Firmware, Saitel Dp Firmware, Epas Gtw Firmware, Saitel Dr Firmware, Scd2200 Firmware · Rockwellautomation: Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime, Micro810 Firmware, Micro820 Firmware, Micro830 Firmware, Micro850 Firmware, Micro870 Firmware · Xylem: Multismart Firmware

Schneider Electric

8 products

Easergy T300 Firmware

8 products

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Easergy T300 Firmware	Up to 2.7.1

Running on/with	Platform Versions
Schneider Electric Easergy T300	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Easergy C5 Firmware	Before 1.1.0

Running on/with	Platform Versions
Schneider Electric Easergy C5	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Micom C264 Firmware	Before d6.1

Running on/with	Platform Versions
Schneider Electric Micom C264	All versions

Configuration D

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Pacis Gtw Firmware	Version 5.1
Schneider Electric Pacis Gtw Firmware	Version 5.2
Schneider Electric Pacis Gtw Firmware	Version 6.1
Schneider Electric Pacis Gtw Firmware	Version 6.3
Schneider Electric Pacis Gtw Firmware	Version 6.3

Running on/with	Platform Versions
Schneider Electric Pacis Gtw	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Saitel Dp Firmware	Up to 11.06.21

Running on/with	Platform Versions
Schneider Electric Saitel Dp	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Epas Gtw Firmware	Version 6.4
Schneider Electric Epas Gtw Firmware	Version 6.4

Running on/with	Platform Versions
Schneider Electric Epas Gtw	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Saitel Dr Firmware	Up to 11.06.12

Running on/with	Platform Versions
Schneider Electric Saitel Dr	All versions

Configuration H

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Schneider Electric Scd2200 Firmware	Up to 10024

Running on/with	Platform Versions
Schneider Electric Cp 3	All versions
Schneider Electric Mc 31	All versions

Configuration I

3 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Aadvance Controller	Up to 1.40
Rockwellautomation Isagraf Free Runtime	Up to 6.6.8
Rockwellautomation Isagraf Runtime	From 5.0 to 6.0

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micro810 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micro810	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micro820 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micro820	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micro830 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micro830	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micro850 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micro850	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Rockwellautomation Micro870 Firmware	All versions

Running on/with	Platform Versions
Rockwellautomation Micro870	All versions

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Xylem Multismart Firmware	Before 3.2.0

Related CWEs

CWE-321

Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (8)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04

Source: ics-cert@hq.dhs.gov

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699

Source: ics-cert@hq.dhs.gov

Permissions Required

https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf

Source: ics-cert@hq.dhs.gov

Third Party Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.