CVE-2020-25178 : Security Advisory and Response

Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information

Understanding CVE-2020-25178

This CVE involves vulnerabilities in Rockwell Automation's ISaGRAF Runtime Versions 4.x and 5.x, allowing remote unauthenticated attackers to upload, read, and delete files due to unencrypted data transfer over TCP/IP.

What is CVE-2020-25178?

ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. The lack of encryption in this communication protocol exposes sensitive information to potential exploitation by remote attackers.

The Impact of CVE-2020-25178

The vulnerability has a CVSS base score of 7.5 (High severity) with significant impacts on confidentiality, integrity, and availability. Attackers can exploit this flaw to perform unauthorized file operations on affected systems.

Technical Details of CVE-2020-25178

Vulnerability Description

The vulnerability arises from the unencrypted data transfer between ISaGRAF Workbench and ISaGRAF Runtime, enabling attackers to manipulate files remotely.

Affected Systems and Versions

Product: ISaGRAF Runtime
Vendor: Rockwell Automation
Versions: 4.x, 5.x

Exploitation Mechanism

Attackers can exploit the vulnerability by intercepting unencrypted data transferred over TCP/IP, allowing them to upload, read, and delete files on the affected systems.

Mitigation and Prevention

Immediate Steps to Take

Update to ISaGRAF Runtime 5 Version 5.72.00
Restrict or block access on TCP 1131 and TCP 1132
Follow the least-privilege user principle

Long-Term Security Practices

Employ proper network segmentation and security controls
Minimize network exposure for control system devices
Isolate control systems behind firewalls
Implement defense-in-depth strategies

Patching and Updates

Evaluate and apply provided mitigations
Combine guidance with general security best practices
Refer to industry-specific security guidelines
Utilize network infrastructure controls