CVE-2020-25178
18.03.2022, 18:15
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.Enginsight
| Vendor | Product | Version |
|---|---|---|
| schneider-electric | easergy_t300_firmware | 𝑥 ≤ 2.7.1 |
| schneider-electric | easergy_c5_firmware | 𝑥 < 1.1.0 |
| schneider-electric | pacis_gtw_firmware | 5.1 |
| schneider-electric | pacis_gtw_firmware | 5.2 |
| schneider-electric | pacis_gtw_firmware | 6.1 |
| schneider-electric | pacis_gtw_firmware | 6.3 |
| schneider-electric | pacis_gtw_firmware | 6.3 |
| schneider-electric | saitel_dp_firmware | 𝑥 ≤ 11.06.21 |
| schneider-electric | epas_gtw_firmware | 6.4 |
| schneider-electric | epas_gtw_firmware | 6.4 |
| schneider-electric | saitel_dr_firmware | 𝑥 ≤ 11.06.12 |
| schneider-electric | scd2200_firmware | 𝑥 ≤ 10024 |
| rockwellautomation | aadvance_controller | 𝑥 ≤ 1.40 |
| rockwellautomation | isagraf_free_runtime | 𝑥 ≤ 6.6.8 |
| rockwellautomation | isagraf_runtime | 5.0 ≤ 𝑥 < 6.0 |
| rockwellautomation | micro810_firmware | - |
| rockwellautomation | micro820_firmware | - |
| rockwellautomation | micro830_firmware | - |
| rockwellautomation | micro850_firmware | - |
| rockwellautomation | micro870_firmware | - |
| xylem | multismart_firmware | 𝑥 < 3.2.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References