CVE-2020-25182 MEDIUM

CVE-2020-25182: Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element

Vendor: Rockwell Automation
Product: ISaGRAF Runtime
Weakness: CWE-427
Published: March 18, 2022
Last update: April 16, 2025

CVSS base score

6.7/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Rockwell Automation ISaGRAF Runtime versions 4.x and 5.x search for and load DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

Key dates

02 Disclosure timeline

March 18, 2022: CVE published
April 16, 2025: Record updated