Details of VAR-202106-1997

ID

VAR-202106-1997

CVE

CVE-2020-25180

TITLE

Rockwell Automation Made ISaGRAF5 Runtime Multiple vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-001882

DESCRIPTION

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25184 It was * Files can be uploaded, read, and deleted by a remote third party. - CVE-2020-25178 It was * ISaGRAF Runtime But Microsoft Windows If the vulnerability is running on a local machine, a local attacker may be able to execute arbitrary code. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems

Trust: 2.25

sources: NVD: CVE-2020-25180 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-179133

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	isagraf runtime	scope:	lt	version:	6.0	Trust: 1.0
vendor:	schneider electric	model:	micom c264	scope:	lt	version:	d6.1	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	5.1	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	6.3	Trust: 1.0
vendor:	rockwellautomation	model:	isagraf runtime	scope:	gte	version:	5.0	Trust: 1.0
vendor:	schneider electric	model:	saitel dp	scope:	lte	version:	11.06.21	Trust: 1.0
vendor:	schneider electric	model:	epas gtw	scope:	eq	version:	6.4	Trust: 1.0
vendor:	schneider electric	model:	saitel dr	scope:	lte	version:	11.06.12	Trust: 1.0
vendor:	xylem	model:	multismart	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	rockwellautomation	model:	micro820	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	2.7.1	Trust: 1.0
vendor:	rockwellautomation	model:	micro870	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	5.2	Trust: 1.0
vendor:	rockwellautomation	model:	micro810	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	scd2200	scope:	lte	version:	10024	Trust: 1.0
vendor:	rockwellautomation	model:	micro850	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	6.1	Trust: 1.0
vendor:	rockwellautomation	model:	micro830	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwellautomation	model:	aadvance controller	scope:	lte	version:	1.40	Trust: 1.0
vendor:	rockwellautomation	model:	isagraf free runtime	scope:	lte	version:	6.6.8	Trust: 1.0
vendor:	schneider electric	model:	easergy c5	scope:	lt	version:	1.1.0	Trust: 1.0
vendor:	rockwell automation	model:	isagraf runtime	scope:	-	version:	-	Trust: 0.8
vendor:	xylem	model:	multismart	scope:	-	version:	-	Trust: 0.8
vendor:	ge steam power	model:	alspa s6 mfc1000	scope:	-	version:	-	Trust: 0.8
vendor:	ge steam power	model:	alspa s6 mfc3000	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	aadvance controller	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	isagraf free runtime	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	micro800	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001882 // NVD: CVE-2020-25180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25180
value:	MEDIUM
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-25180
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2021-001882
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-529
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-179133
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-25180
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-179133
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-25180
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-25180
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA:	JVNDB-2021-001882
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-179133 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-529 // NVD: CVE-2020-25180 // NVD: CVE-2020-25180

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.1
problemtype:	CWE-321	Trust: 1.0
problemtype:	Relative past traversal (CWE-23) [IPA evaluation ]	Trust: 0.8
problemtype:	Plain text storage of authentication information (CWE-256) [IPA evaluation ]	Trust: 0.8
problemtype:	Sending important information in clear text (CWE-319) [IPA evaluation ]	Trust: 0.8
problemtype:	Using hardcoded encryption keys (CWE-321) [IPA evaluation ]	Trust: 0.8
problemtype:	Uncontrolled search path elements (CWE-427) [IPA evaluation ]	Trust: 0.8

sources: VULHUB: VHN-179133 // JVNDB: JVNDB-2021-001882 // NVD: CVE-2020-25180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-529

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Xylem Product Security Advisory	url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699	Trust: 0.8
title:	Rockwell Automation ISaGRAF Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153709	Trust: 0.6

sources: JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202106-529

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25180	Trust: 3.3
db:	ICS CERT	id:	ICSA-20-280-01	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2021-159-04	Trust: 1.7
db:	JVN	id:	JVNVU90811375	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001882	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021120106	Trust: 0.6
db:	CS-HELP	id:	SB2021060920	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2163	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-529	Trust: 0.6
db:	VULHUB	id:	VHN-179133	Trust: 0.1

sources: VULHUB: VHN-179133 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-529 // NVD: CVE-2020-25180

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-04	Trust: 1.7
url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699	Trust: 1.7
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01	Trust: 1.7
url:	https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-280-01	Trust: 1.4
url:	http://jvn.jp/cert/jvnvu90811375	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25176	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25184	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2163	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060920	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2020-25180/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120106	Trust: 0.6

sources: VULHUB: VHN-179133 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-529 // NVD: CVE-2020-25180

CREDITS

Kaspersky reported these vulnerabilities to Rockwell Automation.

Trust: 0.6

sources: CNNVD: CNNVD-202106-529

SOURCES

db:	VULHUB	id:	VHN-179133
db:	JVNDB	id:	JVNDB-2021-001882
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-529
db:	NVD	id:	CVE-2020-25180

LAST UPDATE DATE

2024-08-14T13:09:36.925000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-179133	date:	2022-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001882	date:	2024-06-20T08:49:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-529	date:	2022-04-06T00:00:00
db:	NVD	id:	CVE-2020-25180	date:	2022-04-04T20:59:49.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-179133	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-001882	date:	2021-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-529	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2020-25180	date:	2022-03-18T18:15:09.187