CVE-2020-25178
Published 2022-03-18
High 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | isagraf_runtime | — | — |
| rockwell_automation | isagraf_runtime | — | — |
| rockwellautomation | aadvance_controller | <= 1.40 | — |
| rockwellautomation | isagraf_free_runtime | <= 6.6.8 | — |
| rockwellautomation | isagraf_runtime | >= 5.0 < 6.0 | 6.0 |
| schneider-electric | easergy_c5_firmware | < 1.1.0 | 1.1.0 |
| schneider-electric | easergy_t300_firmware | <= 2.7.1 | — |
| schneider-electric | epas_gtw_firmware | — | — |
| schneider-electric | micom_c264_firmware | < d6.1 | d6.1 |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | saitel_dp_firmware | <= 11.06.21 | — |
| schneider-electric | saitel_dr_firmware | <= 11.06.12 | — |
| schneider-electric | scd2200_firmware | <= 10024 | — |
| xylem | multismart_firmware | < 3.2.0 | 3.2.0 |