CVE-2020-25176

critical

Description

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

References

Advisories
More

https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf

https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04

Details

Source: Mitre, NVD

Published: 2022-03-18

Updated: 2022-04-04

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04025