Description
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
- MISChttps://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
- MISChttps://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
- VENDOR_ADVISORYhttps://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf