CVE-2020-25182

Published Mar 18, 2022
Last updated 3 years ago
CVSS medium 6.7
Overview

Description: Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-427
ics-cert@hq.dhs.gov: CWE-427
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:easergy_t300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E07AFED6-47CC-4A19-80DB-C537F4F07736",
            "versionEndIncluding": "2.7.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:easergy_t300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45E6C3FA-001D-449A-A512-327FA0C9AC5A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:easergy_c5_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01E1BC45-FFB3-4D5A-BA09-BA56A492E784",
            "versionEndExcluding": "1.1.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:easergy_c5:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2EF5114-E9EB-47E1-A388-0963337906C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:micom_c264_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A5F6A2-32F6-4CDA-B2FE-EAA86B6BC43F",
            "versionEndExcluding": "d6.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:micom_c264:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4F6A5C4-E0B2-44F2-823F-9E9C59E7B1F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "716B1453-6203-4E7C-947D-71A031F79B3E"
          },
          {
            "criteria": "cpe:2.3:o:schneider-electric:pacis_gtw_firmware:5.2:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05986825-76CD-486D-941A-E69A084F2A3E"
          },
          {
            "criteria": "cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F59F968F-E480-4262-9754-BBC180E1AE24"
          },
          {
            "criteria": "cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "514C1283-E965-4543-991B-24FD5AA07D58"
          },
          {
            "criteria": "cpe:2.3:o:schneider-electric:pacis_gtw_firmware:6.3:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3FDEC1C-930B-4B8D-A67A-1D46E2069A9B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:pacis_gtw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2240540D-73BB-47F1-A8CA-844DC6B00CE6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:saitel_dp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC5965EE-EB40-443A-BFDE-E97BD1C0F4E3",
            "versionEndIncluding": "11.06.21"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:saitel_dp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6D73382-1957-4CC7-953F-D57C005D63B0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6011641C-4319-4FC3-9EB4-F8537A2C50C9"
          },
          {
            "criteria": "cpe:2.3:o:schneider-electric:epas_gtw_firmware:6.4:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A08C5894-6894-44B7-809C-542732BDE84B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:epas_gtw:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4034AC56-BEC6-49EA-9C42-6D0AE360B7E1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:saitel_dr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47A24A85-B912-4A15-AB2E-BF2EE739686F",
            "versionEndIncluding": "11.06.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:saitel_dr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E65C2AD5-0079-47AA-82F3-F9335DCFA0AA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:schneider-electric:scd2200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D556CAB-DA72-4978-BB45-5B2834C03061",
            "versionEndIncluding": "10024"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:cp-3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7C543522-AD89-48DD-90BB-47D686E93ADF"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:mc-31:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53C778F7-64DA-4FD4-BB7F-2E5BB8BDB774"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rockwellautomation:aadvance_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F6F3FE-B508-4482-B832-992242F80D30",
            "versionEndIncluding": "1.40"
          },
          {
            "criteria": "cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*:*:*:*:*:isagraf6_workbench:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1C6230-85E9-4053-90EB-715919960F80",
            "versionEndIncluding": "6.6.8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:micro810_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5798DD01-C49B-4DA9-9E83-2C875A345A1A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:micro810:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7CBC81B7-2559-46EB-A129-0456442C06D9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:micro820_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9FCA425-ACD4-4F6F-97CF-3B05A1C003E8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:micro820:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7635A8EC-2D15-4BC6-938C-DC30AA21BEAB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:micro830_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BFBB963-DD14-405D-B9ED-6277354A5A57"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:micro830:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8EE48F31-B3FE-463F-B366-05116E4093DE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:micro850_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EEDFAA2-4E38-457E-9E50-802984D1C0E6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:micro850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8BD0226-7434-4849-AD0D-35AB5A793F25"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:rockwellautomation:micro870_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAFD020B-28D9-4EC5-A282-4D42DC02A34C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:micro870:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09DEF107-D1C4-456A-BB02-1731498568FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xylem:multismart_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F64B0A94-A252-4052-A2C2-CD2374E3CCF2",
            "versionEndExcluding": "3.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rockwellautomation:isagraf_runtime:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15255D21-E663-4CDD-8320-9062902C6DA7",
            "versionEndExcluding": "6.0",
            "versionStartIncluding": "5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
