Unrated severityNVD Advisory· Published Mar 18, 2022· Updated Apr 16, 2025
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information
CVE-2020-25178
Description
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24.x to 5.x+ 1 more
- (no CPE)range: 4.x to 5.x
- (no CPE)range: 4.x
Patches
Vulnerability mechanics
References
4- download.schneider-electric.com/filesmitrex_refsource_CONFIRM
- rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699mitrex_refsource_CONFIRM
- www.cisa.gov/uscert/ics/advisories/icsa-20-280-01mitrex_refsource_CONFIRM
- www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.