#VU53975 Cleartext transmission of sensitive information in Rockwell Automation products - CVE-2020-25178

Cybersecurity Help s.r.o.

Published: 2021-06-09 | Updated: 2021-07-13

Vulnerability identifier: #VU53975

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25178

CWE-ID: CWE-319

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AADvance Controller
Server applications / Other server solutions
ISaGRAF Free Runtime in ISaGRAF6 Workbench
Server applications / Other server solutions
ISaGRAF Runtime
Server applications / Other server solutions
Micro800
Hardware solutions / Firmware

Vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can upload, read, and delete files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

AADvance Controller: 1.40

ISaGRAF Free Runtime in ISaGRAF6 Workbench: 6.6.8

Micro800: All versions

ISaGRAF Runtime: before 5.72.00

External links
https://ics-cert.us-cert.gov/advisories/icsa-20-280-01
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/07/13/klcert-20-023-rockwell-automation-isagraf-runtime-information-disclosure-due-to-cleartext-transmission-of-information-over-ixl-protocol

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers

Multiple vulnerabilities in Rockwell Automation ISaGRAF5 Runtime