#VU53972 Path traversal in Rockwell Automation products - CVE-2020-25176

Cybersecurity Help s.r.o.

Published: 2021-06-09 | Updated: 2021-07-13

Vulnerability identifier: #VU53972

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25176

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AADvance Controller
Server applications / Other server solutions
ISaGRAF Free Runtime in ISaGRAF6 Workbench
Server applications / Other server solutions
ISaGRAF Runtime
Server applications / Other server solutions
Micro800
Hardware solutions / Firmware

Vendor: Rockwell Automation

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the ISaGRAF eXchange Layer (IXL) protocol. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

AADvance Controller: 1.40

ISaGRAF Free Runtime in ISaGRAF6 Workbench: 6.6.8

Micro800: All versions

ISaGRAF Runtime: before 5.72.00

External links
https://ics-cert.us-cert.gov/advisories/icsa-20-280-01
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/07/13/klcert-20-022-rockwell-automation-isagraf-runtime-code-execution-due-to-relative-path-traversal

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers

Multiple vulnerabilities in Rockwell Automation ISaGRAF5 Runtime