Описание
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Ссылки
- Vendor Advisory
- Permissions Required
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Vendor Advisory
- Permissions Required
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
Одновременно
Одно из
Одновременно
Одновременно
Одно из
Одновременно
Одновременно
Одно из
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
7.5 High
CVSS3
8.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
Уязвимость реализации протокола связи TCP/IP среды разработки приложений для программируемых логических контроллеров ISaGRAF Workbench, позволяющая нарушителю загружать, читать и удалять файлы
EPSS
7.5 High
CVSS3
8.8 High
CVSS3
9.3 Critical
CVSS2