Cyber Resilience

CVE-2020-25176

Critical

Published: 18 March 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0351 (87.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-25176 is a critical-severity Relative Path Traversal (CWE-23) vulnerability in Schneider-Electric Pacis Gtw Firmware. Its CVSS base score is 9.1 (Critical).

Operationally, it ranks in the top 12.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
schneider-electric | easergy t300 firmware | ≤ 2.7.1
schneider-electric | easergy c5 firmware | ≤ 1.1.0
schneider-electric | micom c264 firmware | ≤ d6.1
schneider-electric | pacis gtw firmware | 5.1, 5.2, 6.1, 6.3
schneider-electric | saitel dp firmware | ≤ 11.06.21
schneider-electric | epas gtw firmware | 6.4
schneider-electric | saitel dr firmware | ≤ 11.06.12
schneider-electric | scd2200 firmware | ≤ 10024
rockwellautomation | aadvance controller | ≤ 1.40
rockwellautomation | isagraf free runtime | ≤ 6.6.8
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References