CVE-2020-25176

Summary

CVE	CVE-2020-25176
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-18 18:15:00 UTC
Updated	2022-04-04 20:56:00 UTC
Description	Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rockwellautomation	Aadvance Controller	All	All	All	All
Application	Rockwellautomation	Isagraf Free Runtime	All	All	All	All
Application	Rockwellautomation	Isagraf Runtime	All	All	All	All
Hardware	Rockwellautomation	Micro810	-	All	All	All
Operating System	Rockwellautomation	Micro810 Firmware	-	All	All	All
Hardware	Rockwellautomation	Micro820	-	All	All	All
Operating System	Rockwellautomation	Micro820 Firmware	-	All	All	All
Hardware	Rockwellautomation	Micro830	-	All	All	All
Operating System	Rockwellautomation	Micro830 Firmware	-	All	All	All
Hardware	Rockwellautomation	Micro850	-	All	All	All
Operating System	Rockwellautomation	Micro850 Firmware	-	All	All	All
Hardware	Rockwellautomation	Micro870	-	All	All	All
Operating System	Rockwellautomation	Micro870 Firmware	-	All	All	All
Hardware	Schneider-electric	Cp-3	-	All	All	All
Hardware	Schneider-electric	Easergy C5	-	All	All	All
Operating System	Schneider-electric	Easergy C5 Firmware	All	All	All	All
Hardware	Schneider-electric	Easergy T300	-	All	All	All
Operating System	Schneider-electric	Easergy T300 Firmware	All	All	All	All
Hardware	Schneider-electric	Epas Gtw	-	All	All	All
Operating System	Schneider-electric	Epas Gtw Firmware	6.4	All	All	All
Operating System	Schneider-electric	Epas Gtw Firmware	6.4	All	All	All
Hardware	Schneider-electric	Mc-31	-	All	All	All
Hardware	Schneider-electric	Micom C264	-	All	All	All
Operating System	Schneider-electric	Micom C264 Firmware	All	All	All	All
Hardware	Schneider-electric	Pacis Gtw	-	All	All	All
Operating System	Schneider-electric	Pacis Gtw Firmware	5.1	All	All	All
Operating System	Schneider-electric	Pacis Gtw Firmware	5.2	All	All	All
Operating System	Schneider-electric	Pacis Gtw Firmware	6.1	All	All	All
Operating System	Schneider-electric	Pacis Gtw Firmware	6.3	All	All	All
Operating System	Schneider-electric	Pacis Gtw Firmware	6.3	All	All	All
Hardware	Schneider-electric	Saitel Dp	-	All	All	All
Operating System	Schneider-electric	Saitel Dp Firmware	All	All	All	All
Hardware	Schneider-electric	Saitel Dr	-	All	All	All
Operating System	Schneider-electric	Saitel Dr Firmware	All	All	All	All
Operating System	Schneider-electric	Scd2200 Firmware	All	All	All	All
Operating System	Xylem	Multismart Firmware	All	All	All	All

References

Reference	Source	Link	Tags
www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multism...	CONFIRM	www.xylem.com
download.schneider-electric.com/files	CONFIRM	download.schneider-electric.com
Rockwell Automation ISaGRAF5 Runtime (Update A) \| CISA	CONFIRM	www.cisa.gov
Sign In	CONFIRM	rockwellautomation.custhelp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Kaspersky reported these vulnerabilities to Rockwell Automation.

Legacy QID Mappings

590729 Rockwell Automation ISaGRAF5 Runtime Multiple Vulnerabilities (ICSA-20-280-01)
590781 Rockwell Automation AADvance Controller and Micro800 family Multiple Vulnerabilities (ICSA-20-280-01)