PT-2021-7838 · Rockwell Automation · Isagraf Runtime

Published 2021-06-08 · Updated 2022-04-04 · CVE-2020-25178

CVSS v2.0: 10 High
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ISaGRAF Workbench versions 4.x through 5.x

Description

The issue is related to the communication protocol used by ISaGRAF Workbench to interact with Rockwell Automation ISaGRAF Runtime. This protocol, which operates over TCP/IP, allows for various file system operations, including the uploading of applications. However, data transferred via this protocol is unencrypted, potentially enabling a remote, unauthenticated attacker to upload, read, and delete files.

Recommendations

For versions 4.x through 5.x, consider implementing encryption for data transferred over the TCP/IP protocol to prevent unauthorized access. As a temporary workaround, restrict access to the TCP/IP communication protocol to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2023-03539
CVE-2020-25178

Affected Products

Isagraf Runtime