Details of VAR-202106-1998

ID

VAR-202106-1998

CVE

CVE-2020-25178

TITLE

Rockwell Automation Made ISaGRAF5 Runtime Multiple vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-001882

DESCRIPTION

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. Rockwell Automation Provided by the company ISaGRAF5 Runtime contains multiple vulnerabilities: * relative path traversal (CWE-23) - CVE-2020-25176 It was * Plain text storage of authentication information (CWE-256) - CVE-2020-25184 It was * Sending important information in clear text (CWE-319) - CVE-2020-25178 It was * DLL File search paths are not properly controlled (CWE-427) - CVE-2020-25182 It was * Using hardcoded encryption keys (CWE-321) - CVE-2020-25180The expected impacts vary depending on the vulnerability, but some of the following may occur: * Arbitrary code is executed by a remote third party - CVE-2020-25176 It was * Passwords and information may be stolen by local users. - CVE-2020-25178 It was * ISaGRAF Runtime But Microsoft Windows If the vulnerability is running on a local machine, a local attacker may be able to execute arbitrary code. - CVE-2020-25182 It was * Information may be stolen by a remote third party. - CVE-2020-25180. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems

Trust: 2.25

sources: NVD: CVE-2020-25178 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-179130

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	isagraf runtime	scope:	lt	version:	6.0	Trust: 1.0
vendor:	schneider electric	model:	micom c264	scope:	lt	version:	d6.1	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	5.1	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	6.3	Trust: 1.0
vendor:	rockwellautomation	model:	isagraf runtime	scope:	gte	version:	5.0	Trust: 1.0
vendor:	schneider electric	model:	saitel dp	scope:	lte	version:	11.06.21	Trust: 1.0
vendor:	schneider electric	model:	epas gtw	scope:	eq	version:	6.4	Trust: 1.0
vendor:	schneider electric	model:	saitel dr	scope:	lte	version:	11.06.12	Trust: 1.0
vendor:	xylem	model:	multismart	scope:	lt	version:	3.2.0	Trust: 1.0
vendor:	rockwellautomation	model:	micro820	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	easergy t300	scope:	lte	version:	2.7.1	Trust: 1.0
vendor:	rockwellautomation	model:	micro870	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	5.2	Trust: 1.0
vendor:	rockwellautomation	model:	micro810	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	scd2200	scope:	lte	version:	10024	Trust: 1.0
vendor:	rockwellautomation	model:	micro850	scope:	eq	version:	-	Trust: 1.0
vendor:	schneider electric	model:	pacis gtw	scope:	eq	version:	6.1	Trust: 1.0
vendor:	rockwellautomation	model:	micro830	scope:	eq	version:	-	Trust: 1.0
vendor:	rockwellautomation	model:	aadvance controller	scope:	lte	version:	1.40	Trust: 1.0
vendor:	rockwellautomation	model:	isagraf free runtime	scope:	lte	version:	6.6.8	Trust: 1.0
vendor:	schneider electric	model:	easergy c5	scope:	lt	version:	1.1.0	Trust: 1.0
vendor:	rockwell automation	model:	isagraf runtime	scope:	-	version:	-	Trust: 0.8
vendor:	xylem	model:	multismart	scope:	-	version:	-	Trust: 0.8
vendor:	ge steam power	model:	alspa s6 mfc1000	scope:	-	version:	-	Trust: 0.8
vendor:	ge steam power	model:	alspa s6 mfc3000	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	aadvance controller	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	isagraf free runtime	scope:	-	version:	-	Trust: 0.8
vendor:	rockwell automation	model:	micro800	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001882 // NVD: CVE-2020-25178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-25178
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-25178
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2021-001882
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-528
value:	HIGH
Trust: 0.6
VULHUB:	VHN-179130
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-25178
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-179130
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-25178
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2020-25178
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2021-001882
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-179130 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-528 // NVD: CVE-2020-25178 // NVD: CVE-2020-25178

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	Relative past traversal (CWE-23) [IPA evaluation ]	Trust: 0.8
problemtype:	Plain text storage of authentication information (CWE-256) [IPA evaluation ]	Trust: 0.8
problemtype:	Sending important information in clear text (CWE-319) [IPA evaluation ]	Trust: 0.8
problemtype:	Using hardcoded encryption keys (CWE-321) [IPA evaluation ]	Trust: 0.8
problemtype:	Uncontrolled search path elements (CWE-427) [IPA evaluation ]	Trust: 0.8

sources: VULHUB: VHN-179130 // JVNDB: JVNDB-2021-001882 // NVD: CVE-2020-25178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-528

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-528

PATCH

title:	Xylem Product Security Advisory	url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699	Trust: 0.8
title:	Rockwell Automation ISaGRAF Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153708	Trust: 0.6

sources: JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202106-528

EXTERNAL IDS

db:	NVD	id:	CVE-2020-25178	Trust: 3.3
db:	ICS CERT	id:	ICSA-20-280-01	Trust: 2.5
db:	SCHNEIDER	id:	SEVD-2021-159-04	Trust: 1.7
db:	JVN	id:	JVNVU90811375	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-001882	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021120106	Trust: 0.6
db:	CS-HELP	id:	SB2021060920	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2163	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-528	Trust: 0.6
db:	VULHUB	id:	VHN-179130	Trust: 0.1

sources: VULHUB: VHN-179130 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-528 // NVD: CVE-2020-25178

REFERENCES

url:	https://download.schneider-electric.com/files?p_doc_ref=sevd-2021-159-04	Trust: 1.7
url:	https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699	Trust: 1.7
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01	Trust: 1.7
url:	https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsa-20-280-01	Trust: 1.4
url:	http://jvn.jp/cert/jvnvu90811375	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25176	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25178	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25180	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25182	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25184	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2020-25178/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2163	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060920	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021120106	Trust: 0.6

sources: VULHUB: VHN-179130 // JVNDB: JVNDB-2021-001882 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-528 // NVD: CVE-2020-25178

CREDITS

Kaspersky reported these vulnerabilities to Rockwell Automation.

Trust: 0.6

sources: CNNVD: CNNVD-202106-528

SOURCES

db:	VULHUB	id:	VHN-179130
db:	JVNDB	id:	JVNDB-2021-001882
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-528
db:	NVD	id:	CVE-2020-25178

LAST UPDATE DATE

2024-08-14T12:16:52.480000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-179130	date:	2022-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001882	date:	2024-06-20T08:49:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-528	date:	2022-04-06T00:00:00
db:	NVD	id:	CVE-2020-25178	date:	2022-04-04T20:57:25.423

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-179130	date:	2022-03-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-001882	date:	2021-06-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-528	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2020-25178	date:	2022-03-18T18:15:09.123