Multiple vulnerabilities in Rockwell Automation Software that were also found to be directly affecting the products of Schneider Electric, GE, and other...

Continue reading
Researchers at Kaspersky have discovered multiple vulnerabilities in Rockwell Automation Software that were also found to be directly affecting the products of Schneider Electric, GE, and other companies. The vulnerabilities were found from the ISaGRAF of Rockwell Automation Software designed explicitly for automation product development.
While out of the identified vulnerabilities, the most critical one appears to be CVE-2020-25176, which can be exploited by “a remote attacker authenticated on the IXL [ISaGRAF eXchange Layer] protocol to traverse an application’s directory, which could lead to remote code execution.”
Besides, another potentially risky vulnerability labeled as CVE-2020-25178 was related to sending information in plain text. Remote unauthenticated attackers can easily exploit it to download, read, or delete files.
CVE-2020-25184 is also classified as high severity and can also be exploited by an unauthorized local attacker to obtain user's passwords which are found to remain stored in plain text. This allows an unauthenticated local attacker to execute arbitrary code, and the other allows remote access to information without authentication.
Evgeny Goncharov, head of cyberspace emergency response at Kaspersky ICS, told SecurityWeek that the consequences of exploiting this vulnerability in an attack would depend on the intended use of the target device.
“As some of the affected products are known to be used to control industrial enterprise mission-critical assets, and therefore essential parts of the enterprise technological process depend on them, the potential attack consequences could be pretty devastating.” Goncharov warned.
In a statement released this week, Rockwell Automation mentioned that the vulnerability would affect the AADvance control system, ISaGRAF runtime, ISaGRAF6 runtime tools, and Micro800 controllers.
The ISaGRAF runtime and ISaGRAF6 runtime include Easergy, MiCOM, PACIS, EPAS, Saitel, SCADAPack, SCD2200, and SAGE products. Most of them are remote terminal units(RTUs).
“ISaGRAF Workbench is used to program applications for embedded devices using IEC 61131-3 languages and may be incorporated into larger programming and configuration tools. The ISaGRAF Runtime module executes the process control code created in ISaGRAF Workbench on embedded devices,” Schneider Electric explained in its advisory.
The US Cybersecurity and Infrastructure Security Agency (CISA), which helps coordinate disclosures to relevant retailers, also issued a notice this week. According to CISA, the ALSPAS 6 MFC3000 and MFC1000 GE Steam Power control systems were also affected by the ISaGRAF bug. GE does not appear to have made a public announcement, but CISA encourages customers to contact the company to address the vulnerability. Schneider, Rockwell Automation, and GE took steps to address this vulnerability, but Kaspersky could not identify it because other vendors did not release fixes for their products on SecurityWeek.

Splunk disclosed CVE-2026-20253, a critical pre-auth RCE flaw in Splunk Enterprise (CVSS 9.8) from insecure MongoDB defaults. Patches released; upgrade to 9.1.8, 9.2.5, or 9.3.2.