CVE-2020-25180
MEDIUM
5.3
CVSS Severity Score
Vulnerability Description
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Affected Platforms (CPE)
π»
Schneider Electric
Easergy T300 Firmware
<= 2.7.1π»
Schneider Electric
Easergy C5 Firmware
< 1.1.0π»
Schneider Electric
Micom C264 Firmware
< d6.1π»
Schneider Electric
Pacis Gtw Firmware
= 5.1π»
Schneider Electric
Pacis Gtw Firmware
= 5.2π»
Schneider Electric
Pacis Gtw Firmware
= 6.1π»
Schneider Electric
Pacis Gtw Firmware
= 6.3π»
Schneider Electric
Pacis Gtw Firmware
= 6.3π»
Schneider Electric
Saitel Dp Firmware
<= 11.06.21π»
Schneider Electric
Epas Gtw Firmware
= 6.4π»
Schneider Electric
Epas Gtw Firmware
= 6.4π»
Schneider Electric
Saitel Dr Firmware
<= 11.06.12π»
Schneider Electric
Scd2200 Firmware
<= 10024π¦
Rockwellautomation
Aadvance Controller
<= 1.40π¦
Rockwellautomation
Isagraf Free Runtime
<= 6.6.8π¦
Rockwellautomation
Isagraf Runtime
>= 5.0 and < 6.0π»
Rockwellautomation
Micro810 Firmware
All versionsπ»
Rockwellautomation
Micro820 Firmware
All versionsπ»
Rockwellautomation
Micro830 Firmware
All versionsπ»
Rockwellautomation
Micro850 Firmware
All versionsπ»
Rockwellautomation
Micro870 Firmware
All versionsπ»
Xylem