Vulnerability Description
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Easergy T300 Firmware | <= 2.7.1 |
| Schneider-Electric | Easergy T300 | - |
| Schneider-Electric | Easergy C5 Firmware | < 1.1.0 |
| Schneider-Electric | Easergy C5 | - |
| Schneider-Electric | Micom C264 Firmware | < d6.1 |
| Schneider-Electric | Micom C264 | - |
| Schneider-Electric | Pacis Gtw Firmware | 5.1 |
| Schneider-Electric | Pacis Gtw | - |
| Schneider-Electric | Saitel Dp Firmware | <= 11.06.21 |
| Schneider-Electric | Saitel Dp | - |
| Schneider-Electric | Epas Gtw Firmware | 6.4 |
| Schneider-Electric | Epas Gtw | - |
| Schneider-Electric | Saitel Dr Firmware | <= 11.06.12 |
| Schneider-Electric | Saitel Dr | - |
| Schneider-Electric | Scd2200 Firmware | <= 10024 |
| Schneider-Electric | Cp-3 | - |
| Schneider-Electric | Mc-31 | - |
| Rockwellautomation | Aadvance Controller | <= 1.40 |
| Rockwellautomation | Isagraf Free Runtime | <= 6.6.8 |
| Rockwellautomation | Isagraf Runtime | >= 5.0, < 6.0 |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04 (Mitigation, Vendor Advisory)
- https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 (Permissions Required)
- https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 (Third Party Advisory, US Government Resource)
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-mult (Third Party Advisory)
FAQ
What is CVE-2020-25176?
CVE-2020-25176 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the...
How severe is CVE-2020-25176?
CVE-2020-25176 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-25176?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easergy T300 Firmware, Schneider-Electric Easergy T300, Schneider-Electric Easergy C5 Firmware, Schneider-Electric Easergy C5, Schneider-Electric Micom C264 Firmware.