Uncontrolled DLL Loading Vulnerability in Rockwell Automation ISaGRAF Runtime on Windows Systems

Uncontrolled DLL Loading Vulnerability in Rockwell Automation ISaGRAF Runtime on Windows Systems

CVE-2020-25182 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.

Learn more about our Web Application Penetration Testing UK.