CVE-2020-25182
MEDIUMSchneider-electric Easergy T300 Firmware - Uncontrolled Search Path
Title source: ruleDescription
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
References (4)
Scores
CVSS v3
6.7
EPSS
0.0001
EPSS Percentile
2.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-427
Status
published
Affected Products (22)
schneider-electric/easergy_t300_firmware
< 2.7.1
schneider-electric/easergy_c5_firmware
< 1.1.0
schneider-electric/micom_c264_firmware
< d6.1
schneider-electric/pacis_gtw_firmware
schneider-electric/pacis_gtw_firmware
schneider-electric/pacis_gtw_firmware
schneider-electric/pacis_gtw_firmware
schneider-electric/pacis_gtw_firmware
schneider-electric/saitel_dp_firmware
< 11.06.21
schneider-electric/epas_gtw_firmware
schneider-electric/epas_gtw_firmware
schneider-electric/saitel_dr_firmware
< 11.06.12
schneider-electric/scd2200_firmware
< 10024
rockwellautomation/aadvance_controller
< 1.40
rockwellautomation/isagraf_free_runtime
< 6.6.8
... and 7 more
Timeline
Published
Mar 18, 2022
Tracked Since
Feb 18, 2026