PT-2021-7837 · Rockwell Automation · Isagraf Runtime

Published 2021-06-08 · Updated 2022-10-21 · CVE-2020-25184

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x

Description

The issue concerns the storage of passwords in plaintext within a file located in the same directory as the executable file. This file is read by ISaGRAF Runtime, and the data, including passwords, is saved in a variable without any additional processing. A local, unauthenticated attacker could exploit this to compromise user passwords, leading to information disclosure.

Recommendations

For versions 4.x through 5.x, consider implementing additional security measures to protect password storage, such as encrypting the password file or using a more secure method of storing and retrieving passwords. As a temporary workaround, restrict access to the directory containing the executable file and the password storage file to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-03538
CVE-2020-25184

Affected Products

Isagraf Runtime