Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
|CWE||CWE-427: Uncontrolled Search Path Element|
ISaGRAF Runtime for Microsoft Windows searches its own directory for all files with the “.dll” extension and loads them as dynamic libraries.
Uncontrolled loading of dynamic libraries could allow a local attacker to execute arbitrary code.
|CVSS v3 Base Score||6.7 (Medium)|
|Difficulty||⚠ Low skill level to exploit|
|Privilege required||High privilege level required: creating files in the %PROGRAMFILES% directory requires a high privilege level|
|User interaction||⚠ No user interaction required|
|Confidentiality||⚠ Confidentiality of the system may be seriously affected|
|Integrity||⚠ Integrity of the system may be seriously affected|
|Availability||⚠ Availability of the system may be seriously affected|
|Rockwell Automation mitigation||
Rockwell Automation recommends upgrading to ISaGRAF Runtime 5 version 5.72.00.
Since ISaGRAF 5 Runtime is provided to a customer as a development kit, the way least privilege is implemented may vary from implementation to implementation based on the hardware in use.
Customers should ensure that the principle of least privilege is followed and that user and service accounts are granted only the minimum rights they need on the Runtime’s folder location.
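One way to check a Runtime folder against this recommendation, as an added example (not Kaspersky's or Rockwell Automation's code): the function name and the `-RuntimeDir` parameter are hypothetical, the install path is not given in the advisory and must be supplied, and the set of principals treated as expected writers is an assumption to adjust per site.

```powershell
# Added example, not vendor code. Function name and -RuntimeDir are hypothetical;
# the advisory does not give the install path, so pass your own.
function Get-RuntimeFolderExposure {
    param([Parameter(Mandatory)][string]$RuntimeDir)

    # Assumption: only these SIDs are expected to hold write access
    # (SYSTEM, BUILTIN\Administrators, TrustedInstaller).
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # FILE_ADD_FILE (CreateFiles/WriteData) plus GENERIC_WRITE and GENERIC_ALL,
    # which Get-Acl can return unmapped on inherited entries.
    $addFileMask = 0x2 -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType     = [System.Security.Principal.SecurityIdentifier]

    # Part 1: who, outside the trusted set, can create a file in the folder?
    $acl = Get-Acl -LiteralPath $RuntimeDir
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # not applied to the folder itself
        if (-not ([int]$ace.FileSystemRights -band $addFileMask)) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Finding = 'NonAdminCanAddFiles'
            Subject = $sid
            Detail  = $ace.FileSystemRights.ToString()
        }
    }

    # Part 2: the runtime loads every .dll found here, so inventory all of them.
    Get-ChildItem -LiteralPath $RuntimeDir -Filter '*.dll' -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Finding = 'LoadableDll'
            Subject = $_.Name
            Detail  = '{0}; SHA256={1}' -f $sig.Status, $hash
        }
    }
}
```

Any `NonAdminCanAddFiles` row is an access entry to tighten; the `LoadableDll` rows are meant to be compared against a known-good baseline of the installation.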
2020-02-21 – Vulnerability reported
2020-03-11 – Rockwell Automation confirmed the vulnerability
2021-06-08 – Rockwell Automation published the advisory
2021-06-17 – ICS CERT published the advisory