CVE-2020-25184:Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores passwords in plaintext, allowing unauthenticated local attackers to access user credentials.

splash
Back

Description Preview

A vulnerability has been identified in Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x where user passwords are stored in plaintext format in a file located in the same directory as the executable file. The application reads this file and saves the password data in a variable without any encryption or protection. This insecure storage of credentials allows any local, unauthenticated attacker with access to the file system to easily obtain user passwords, resulting in information disclosure and potentially leading to unauthorized access to systems or applications.

Overview

This vulnerability (CVE-2020-25184) is classified as CWE-522: Insufficiently Protected Credentials. The issue affects Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x, which is a software environment used in industrial control systems. The plaintext storage of passwords violates security best practices that require credentials to be stored using secure methods such as hashing with appropriate salting. The vulnerability impacts the confidentiality of user credentials and could lead to unauthorized access to industrial control systems if exploited. This issue has been acknowledged by multiple vendors including Rockwell Automation, Schneider Electric, and Xylem, as their products incorporate the affected ISaGRAF Runtime.

Remediation

  1. Update to the latest version of ISaGRAF Runtime if a patched version is available.
  2. Implement access control measures to restrict access to the directory containing the password file.
  3. Monitor for unauthorized access to the affected systems.
  4. Change all passwords after implementing security measures or updating the software.
  5. Follow vendor-specific recommendations provided in their respective security advisories:
    • Rockwell Automation: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
    • Schneider Electric: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
    • Xylem: https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
  6. Consider implementing network segmentation to limit access to affected systems.
  7. Apply the principle of least privilege for all user accounts interacting with the affected systems.

References

  1. CISA Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01
  2. Schneider Electric Security Advisory: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04
  3. Rockwell Automation Security Advisory: https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
  4. Xylem Security Advisory: https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf
  5. CWE-522: Insufficiently Protected Credentials: https://cwe.mitre.org/data/definitions/522.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Transportation & Warehousing
    Transportation & Warehousing
  3. Accommodation & Food Services
    Accommodation & Food Services
  4. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  5. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  6. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  7. Construction
    Construction
  8. Educational Services
    Educational Services
  9. Finance and Insurance
    Finance and Insurance
  10. Health Care & Social Assistance
    Health Care & Social Assistance
  11. Information
    Information
  12. Management of Companies & Enterprises
    Management of Companies & Enterprises
  13. Mining
    Mining
  14. Other Services (except Public Administration)
    Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  16. Public Administration
    Public Administration
  17. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  18. Retail Trade
    Retail Trade
  19. Utilities
    Utilities
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database