CVE-2020-25178

moderate-risk
Published 2022-03-18

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.

Do I need to act?

EPSS score: 0.23% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list; no confirmed active exploitation reported to CISA
Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
CVSS: 7.5/10 High (NETWORK / HIGH complexity)

Affected Products (20)

Easergy C5 Firmware
Micom C264 Firmware
Pacis Gtw Firmware
Pacis Gtw Firmware
Pacis Gtw Firmware
Pacis Gtw Firmware
Pacis Gtw Firmware
Saitel Dp Firmware
Epas Gtw Firmware
Epas Gtw Firmware
Saitel Dr Firmware
Scd2200 Firmware
Aadvance Controller
Isagraf Free Runtime
Isagraf Runtime
Micro810 Firmware
Micro820 Firmware
Micro830 Firmware
Micro850 Firmware
43 / 100 · moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate