CVE-2020-25178

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Configurations

Configuration 1

cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*:*:*:*:*:isagraf6_workbench:*:*
cpe:2.3:a:rockwellautomation:aadvance_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:isagraf_runtime:*:*:*:*:*:*:*:*
cpe:2.3:o:xylem:multismart_firmware:*:*:*:*:*:*:*:*

Information

Published : 2022-03-18 06:15

Updated : 2022-04-04 08:57


NVD link : CVE-2020-25178

Mitre link : CVE-2020-25178

Products Affected
No products.
CWE
CWE-319

Cleartext Transmission of Sensitive Information