Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated malicious user to traverse an application’s directory, which could lead to remote code execution.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
schneider-electric easergy_t300_firmware |
||
schneider-electric easergy_c5_firmware |
||
schneider-electric micom_c264_firmware |
||
schneider-electric pacis_gtw_firmware 5.1 |
||
schneider-electric pacis_gtw_firmware 5.2 |
||
schneider-electric pacis_gtw_firmware 6.1 |
||
schneider-electric pacis_gtw_firmware 6.3 |
||
schneider-electric saitel_dp_firmware |
||
schneider-electric epas_gtw_firmware 6.4 |
||
schneider-electric saitel_dr_firmware |
||
schneider-electric scd2200_firmware |
||
rockwellautomation aadvance controller |
||
rockwellautomation isagraf free runtime |
||
rockwellautomation isagraf runtime |
||
rockwellautomation micro810_firmware - |
||
rockwellautomation micro820_firmware - |
||
rockwellautomation micro830_firmware - |
||
rockwellautomation micro850_firmware - |
||
rockwellautomation micro870_firmware - |
||
xylem multismart firmware |
Vulmon