Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HRockwellautomation Aadvance Controller
APPRockwellautomation≤ 1.40Rockwellautomation Isagraf Free Runtime
APPRockwellautomation≤ 6.6.8Rockwellautomation Isagraf Runtime
APPRockwellautomation5.0 – 6.0 (bez)Rockwellautomation Micro810
HWRockwellautomationwszystkie wersjeRockwellautomation Micro810 Firmware
OSRockwellautomationwszystkie wersjeRockwellautomation Micro820
HWRockwellautomationwszystkie wersjeRockwellautomation Micro820 Firmware
OSRockwellautomationwszystkie wersjeRockwellautomation Micro830
HWRockwellautomationwszystkie wersjeRockwellautomation Micro830 Firmware
OSRockwellautomationwszystkie wersjeRockwellautomation Micro850
HWRockwellautomationwszystkie wersjeRockwellautomation Micro850 Firmware
OSRockwellautomationwszystkie wersjeRockwellautomation Micro870
HWRockwellautomationwszystkie wersjeRockwellautomation Micro870 Firmware
OSRockwellautomationwszystkie wersjeSchneider Electric Cp 3
HWSchneider-Electricwszystkie wersjeSchneider Electric Easergy C5
HWSchneider-Electricwszystkie wersjeSchneider Electric Easergy C5 Firmware
OSSchneider-Electric< 1.1.0Schneider Electric Easergy T300
HWSchneider-Electricwszystkie wersjeSchneider Electric Easergy T300 Firmware
OSSchneider-Electric≤ 2.7.1Schneider Electric Epas Gtw
HWSchneider-Electricwszystkie wersjeSchneider Electric Epas Gtw Firmware
OSSchneider-Electric6.4Schneider Electric Mc 31
HWSchneider-Electricwszystkie wersjeSchneider Electric Micom C264
HWSchneider-Electricwszystkie wersjeSchneider Electric Micom C264 Firmware
OSSchneider-Electric< d6.1Schneider Electric Pacis Gtw
HWSchneider-Electricwszystkie wersjeSchneider Electric Pacis Gtw Firmware
OSSchneider-Electric5.15.26.16.3Schneider Electric Saitel Dp
HWSchneider-Electricwszystkie wersjeSchneider Electric Saitel Dp Firmware
OSSchneider-Electric≤ 11.06.21Schneider Electric Saitel Dr
HWSchneider-Electricwszystkie wersjeSchneider Electric Saitel Dr Firmware
OSSchneider-Electric≤ 11.06.12Schneider Electric Scd2200 Firmware
OSSchneider-Electric≤ 10024
Related vulnerabilities
A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cau...
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2....
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firm...
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Ease...
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in...