HIGH🇬🇧 English

CVE-2020-25178

CVSS 7.5v3.1pub. 2022-03-18upd. 2024-11-21

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Rockwellautomation Aadvance Controller

    APP
    Rockwellautomation
    ≤ 1.40
  • Rockwellautomation Isagraf Free Runtime

    APP
    Rockwellautomation
    ≤ 6.6.8
  • Rockwellautomation Isagraf Runtime

    APP
    Rockwellautomation
    5.0 – 6.0 (bez)
  • Rockwellautomation Micro810

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro810 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro820

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro820 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro830

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro830 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro850

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro850 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro870

    HW
    Rockwellautomation
    wszystkie wersje
  • Rockwellautomation Micro870 Firmware

    OS
    Rockwellautomation
    wszystkie wersje
  • Schneider Electric Cp 3

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Easergy C5

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Easergy C5 Firmware

    OS
    Schneider-Electric
    < 1.1.0
  • Schneider Electric Easergy T300

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Easergy T300 Firmware

    OS
    Schneider-Electric
    ≤ 2.7.1
  • Schneider Electric Epas Gtw

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Epas Gtw Firmware

    OS
    Schneider-Electric
    6.4
  • Schneider Electric Mc 31

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Micom C264

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Micom C264 Firmware

    OS
    Schneider-Electric
    < d6.1
  • Schneider Electric Pacis Gtw

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Pacis Gtw Firmware

    OS
    Schneider-Electric
    5.15.26.16.3
  • Schneider Electric Saitel Dp

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Saitel Dp Firmware

    OS
    Schneider-Electric
    ≤ 11.06.21
  • Schneider Electric Saitel Dr

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Saitel Dr Firmware

    OS
    Schneider-Electric
    ≤ 11.06.12
  • Schneider Electric Scd2200 Firmware

    OS
    Schneider-Electric
    ≤ 10024
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2020-25176CRITICAL9.1ten sam produkt

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protoc...

CVE-2020-28215CRITICAL9.8ten sam produkt

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cau...

CVE-2020-7561CRITICAL9.8ten sam produkt

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2....

CVE-2020-7508CRITICAL9.8ten sam produkt

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firm...

CVE-2020-7512CRITICAL9.8ten sam produkt

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Ease...