Unrated severity · NVD Advisory · Published Mar 18, 2022 · Updated Apr 16, 2025
Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal
CVE-2020-25176
Description
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
Affected products
- (no CPE) range: 4.x, 5.x
- (no CPE) range: 4.x
References
- download.schneider-electric.com/files (mitre, x_refsource_CONFIRM)
- rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 (mitre, x_refsource_CONFIRM)
- www.cisa.gov/uscert/ics/advisories/icsa-20-280-01 (mitre, x_refsource_CONFIRM)
- www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf (mitre, x_refsource_CONFIRM)