Unrated severityNVD Advisory· Published Mar 18, 2022· Updated Apr 16, 2025
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element
CVE-2020-25182
Description
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=4.0, <=5.x+ 1 more
- (no CPE)range: >=4.0, <=5.x
- (no CPE)range: 4.x
Patches
Vulnerability mechanics
References
4- download.schneider-electric.com/filesmitrex_refsource_CONFIRM
- rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699mitrex_refsource_CONFIRM
- www.cisa.gov/uscert/ics/advisories/icsa-20-280-01mitrex_refsource_CONFIRM
- www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.