CVE-2020-25182

CWE-427 | 3 documents | 3 sources
Severity: 6.7 MEDIUM
EPSS: 0.0% (top 97.07%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18 | Latest update Mar 19

Description

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages: 13 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-f6jg-3f64-ghp3: Rockwell Automation ISaGRAF Runtime Versions 4 (2022-03-19)
CVEList: Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element (2022-03-18)
CVE-2020-25182 (MEDIUM CVSS 6.7) | Rockwell Automation ISaGRAF Runtime | cvebase.io