CVE-2020-25184
published 2022-03-18
medium 5.5 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | isagraf_runtime | — | — |
| rockwell_automation | isagraf_runtime | — | — |
| rockwellautomation | aadvance_controller | <= 1.40 | — |
| rockwellautomation | isagraf_free_runtime | <= 6.6.8 | — |
| rockwellautomation | isagraf_runtime | >= 5.0 < 6.0 | 6.0 |
| schneider-electric | easergy_c5_firmware | < 1.1.0 | 1.1.0 |
| schneider-electric | easergy_t300_firmware | <= 2.7.1 | — |
| schneider-electric | epas_gtw_firmware | — | — |
| schneider-electric | micom_c264_firmware | < d6.1 | d6.1 |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | pacis_gtw_firmware | — | — |
| schneider-electric | saitel_dp_firmware | <= 11.06.21 | — |
| schneider-electric | saitel_dr_firmware | <= 11.06.12 | — |
| schneider-electric | scd2200_firmware | <= 10024 | — |
| xylem | multismart_firmware | < 3.2.0 | 3.2.0 |