CVE-2020-25176 — Relative Path Traversal in Isagraf Runtime

CWE-23 — Relative Path Traversal CWE-22 — Path Traversal3 documents3 sources

Severity

9.8CRITICALNVD

CNA9.1

EPSS

3.5%

top 12.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rockwellautomation Isagraf Runtime Schneider-electric Easergy C5 Firmware Schneider-electric Micom C264 Firmware +10 more

Timeline

PublishedMar 18

Latest updateMar 19

Description

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶NVDrockwellautomation/isagraf_runtime5.0 — 6.0

▶NVDrockwellautomation/isagraf_free_runtime6.6.8

▶CVEListV5rockwell_automation/isagraf_runtime4.x, 5.x+1

▶NVDrockwellautomation/aadvance_controller1.40

▶NVDxylem/multismart_firmware< 3.2.0

🔴Vulnerability Details

GHSA

GHSA-fg53-m5qv-8qwq: Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4↗2022-03-19

▶

CVEList

Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal↗2022-03-18

▶