CVE-2020-25184

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
Configurations

Configuration 1

cpe:2.3:a:rockwellautomation:isagraf_free_runtime:*:*:*:*:*:isagraf6_workbench:*:*
cpe:2.3:a:rockwellautomation:aadvance_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:rockwellautomation:isagraf_runtime:*:*:*:*:*:*:*:*
cpe:2.3:o:xylem:multismart_firmware:*:*:*:*:*:*:*:*

Information

Published : 2022-03-18 06:15

Updated : 2022-10-21 06:55


NVD link : CVE-2020-25184

Mitre link : CVE-2020-25184

Products Affected
No products.
CWE