CVE-2020-25180
MEDIUM
5.3
CVSS Severity Score
Vulnerability Description
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Affected Platforms (CPE)
💻
Schneider Electric
Easergy T300 Firmware
<= 2.7.1💻
Schneider Electric
Easergy C5 Firmware
< 1.1.0💻
Schneider Electric
Micom C264 Firmware
< d6.1💻
Schneider Electric
Pacis Gtw Firmware
= 5.1💻
Schneider Electric
Pacis Gtw Firmware
= 5.2💻
Schneider Electric
Pacis Gtw Firmware
= 6.1💻
Schneider Electric
Pacis Gtw Firmware
= 6.3💻
Schneider Electric
Pacis Gtw Firmware
= 6.3💻
Schneider Electric
Saitel Dp Firmware
<= 11.06.21💻
Schneider Electric
Epas Gtw Firmware
= 6.4💻
Schneider Electric
Epas Gtw Firmware
= 6.4💻
Schneider Electric
Saitel Dr Firmware
<= 11.06.12💻
Schneider Electric
Scd2200 Firmware
<= 10024📦
Rockwellautomation
Aadvance Controller
<= 1.40📦
Rockwellautomation
Isagraf Free Runtime
<= 6.6.8📦
Rockwellautomation
Isagraf Runtime
>= 5.0 and < 6.0💻
Rockwellautomation
Micro810 Firmware
All versions💻
Rockwellautomation
Micro820 Firmware
All versions💻
Rockwellautomation
Micro830 Firmware
All versions💻
Rockwellautomation
Micro850 Firmware
All versions💻
Rockwellautomation
Micro870 Firmware
All versions💻
Xylem