CVE-2020-25182
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Rockwell Automation · ISaGRAF Runtime¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf