#VU53979 Use of Hard-coded Cryptographic Key in Rockwell Automation products - CVE-2020-25180

Cybersecurity Help s.r.o.

Published: 2021-06-09 | Updated: 2021-07-13

Vulnerability identifier: #VU53979

Vulnerability risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25180

CWE-ID: CWE-321

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AADvance Controller
Server applications / Other server solutions
ISaGRAF Free Runtime in ISaGRAF6 Workbench
Server applications / Other server solutions
ISaGRAF Runtime
Server applications / Other server solutions
Micro800
Hardware solutions / Firmware

Vendor: Rockwell Automation

Description

The vulnerability allows a remote attacker to disclose sensitive information on the target system.

The vulnerability exists due to use of hard-coded cryptographic key issue. A remote attacker can pass their own encrypted password to the ISaGRAF 5 Runtime, and cause information disclosure on the device.

Mitigation
Install update from vendor's website.

Vulnerable software versions

AADvance Controller: 1.40

ISaGRAF Free Runtime in ISaGRAF6 Workbench: 6.6.8

Micro800: All versions

ISaGRAF Runtime: before 5.72.00

External links
https://ics-cert.us-cert.gov/advisories/icsa-20-280-01
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2021/07/13/klcert-20-025-rockwell-automation-isagraf-runtime-information-disclosure-due-to-hard-coded-cryptographic-key

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moxa ioPAC 8500 and ioPAC 8600 Series (IEC Models) Controllers

Multiple vulnerabilities in Rockwell Automation ISaGRAF5 Runtime