Unrated severityNVD Advisory· Published Mar 18, 2022· Updated Apr 16, 2025
Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials
CVE-2020-25184
Description
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24.x, 5.x+ 1 more
- (no CPE)range: 4.x, 5.x
- (no CPE)range: 4.x
Patches
Vulnerability mechanics
References
4- download.schneider-electric.com/filesmitrex_refsource_CONFIRM
- rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699mitrex_refsource_CONFIRM
- www.cisa.gov/uscert/ics/advisories/icsa-20-280-01mitrex_refsource_CONFIRM
- www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.