Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2022-03-18T18:00:33
Updated: 2024-08-04T15:26:09.581Z
Reserved: 2020-09-04T00:00:00
Link: CVE-2020-25180
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-18T18:15:09.187
Modified: 2024-11-21T05:17:34.417
Link: CVE-2020-25180
Redhat
No data.