CVE-2020-25182
published 2022-03-18CVE-2020-25182: Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | isagraf_runtime | — | — |
| rockwell_automation | isagraf_runtime | — | — |
| rockwellautomation | aadvance_controller | <= 1.40 | — |
| rockwellautomation | isagraf_free_runtime | <= 6.6.8 | — |
| rockwellautomation | isagraf_runtime | >= 5.0 < 6.0 | 6.0 |
| schneider-electric | easergy_c5_firmware | < 1.1.0 | 1.1.0 |
| schneider-electric | easergy_t300_firmware | <= 2.7.1 | — |
| schneider-electric | epas_gtw_firmware | — | — |
| schneider-electric | micom_c264_firmware | < d6.1 | d6.1 |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | saitel_dp_firmware | <= 11.06.21 | — |
| schneider-electric | saitel_dr_firmware | <= 11.06.12 | — |
| schneider-electric | scd2200_firmware | <= 10024 | — |
| xylem | multismart_firmware | < 3.2.0 | 3.2.0 |