CVE-2020-25176: Path Traversal Vulnerability in Rockwell Automation ISaGRAF Runtime

Description

A path traversal vulnerability (CWE-22) exists in Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x. The eXchange Layer (IXL) protocol used by ISaGRAF Runtime performs various file operations without properly validating file name parameters for reserved characters. This allows remote, unauthenticated attackers to traverse directories outside the intended application path, potentially leading to remote code execution.

Overview

The vulnerability affects the ISaGRAF Runtime Versions 4.x and 5.x developed by Rockwell Automation. The issue stems from insufficient input validation in the eXchange Layer (IXL) protocol when handling file operations. When processing commands that involve file operations, the software fails to properly sanitize file name parameters, allowing attackers to use path traversal sequences (such as "../") to access files and directories outside the intended scope. An unauthenticated remote attacker could exploit this vulnerability to access sensitive files, modify system configurations, or potentially execute arbitrary code on the affected system. This vulnerability poses significant risks to industrial control systems and operational technology environments where ISaGRAF Runtime is deployed.
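To make the weakness concrete, the following added example (not code from ISaGRAF, Rockwell Automation, or any of the advisories) contrasts the vulnerable pattern the description implies, concatenating a caller-supplied file name onto a base directory unchecked, with a hardened resolver that rejects reserved characters and traversal sequences and then confirms the result stays inside the base directory. The base path and file names are constructed for illustration.

```python
import os
import re
from pathlib import Path
from typing import Optional

# Constructed example: the directory the service is supposed to confine its
# file operations to. The path is hypothetical and only used for illustration.
BASE_DIR = Path("/opt/isagraf/files")

# Characters that must never appear in a bare file name parameter:
# path separators, Windows-reserved punctuation, and control characters.
RESERVED = re.compile(r'[<>:"/\\|?*\x00-\x1f]')


def unsafe_resolve(base: Path, name: str) -> Path:
    """Vulnerable pattern (CWE-22): join the caller-supplied name without checks.
    A name such as '../../etc/passwd' silently escapes the base directory."""
    return Path(os.path.normpath(base / name))


def safe_resolve(base: Path, name: str) -> Optional[Path]:
    """Hardened pattern: treat the parameter as a bare file name only.
    Returns None when the request must be rejected."""
    if not name or name in (".", ".."):
        return None
    # Reject separators, reserved characters and any dot-dot component
    # before the name ever touches the filesystem layer.
    if RESERVED.search(name) or ".." in name:
        return None
    # Normalise lexically, then confirm the result is still under base.
    # On a live system also compare os.path.realpath() results so that
    # symlinks inside base cannot redirect the access outside it.
    candidate = Path(os.path.normpath(base / name))
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def escapes_base(base: Path, path: Path) -> bool:
    """True when path lies outside base, i.e. what the vulnerable resolver permits."""
    try:
        path.relative_to(base)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    probe = "../../etc/passwd"  # constructed traversal-style input
    print("unsafe:", unsafe_resolve(BASE_DIR, probe), "escapes:", escapes_base(BASE_DIR, unsafe_resolve(BASE_DIR, probe)))
    print("safe  :", safe_resolve(BASE_DIR, probe))
```

Running the module shows the unsafe resolver producing a path under /opt/etc while the hardened one returns None for the same input.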

Remediation

Organizations using affected versions of Rockwell Automation ISaGRAF Runtime should implement the following mitigations:

  1. Apply the latest security patches and updates provided by Rockwell Automation as detailed in their security advisory.
  2. If patching is not immediately possible, implement network segmentation to restrict access to systems running the vulnerable software.
  3. Use firewalls to block unauthorized access to the IXL protocol.
  4. Monitor systems for suspicious activities, particularly unusual file access patterns.
  5. Follow the specific remediation guidance provided in the Schneider Electric security advisory (SEVD-2021-159-04).
  6. For Xylem MultiSmart products that use the affected component, refer to the Xylem cybersecurity advisory for product-specific mitigation strategies.
  7. Consider implementing the principle of least privilege for all industrial control system components.
  8. Ensure proper network segmentation between IT and OT networks where these systems are deployed.

References

  1. Schneider Electric Security Advisory (SEVD-2021-159-04): https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
  2. Rockwell Automation Knowledge Base Article: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
  3. CISA ICS Advisory (ICSA-20-280-01): https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
  4. Xylem MultiSmart Cybersecurity Advisory: https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
  5. Common Weakness Enumeration (CWE-22): Path Traversal

Industry Exposure (most to least affected)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Transportation & Warehousing
  3. Accommodation & Food Services
  4. Administrative, Support, Waste Management & Remediation Services
  5. Agriculture, Forestry, Fishing & Hunting
  6. Arts, Entertainment & Recreation
  7. Construction
  8. Educational Services
  9. Finance and Insurance
  10. Health Care & Social Assistance
  11. Information
  12. Management of Companies & Enterprises
  13. Mining
  14. Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
  16. Public Administration
  17. Real Estate Rental & Leasing
  18. Retail Trade
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database