How severe is CVE-2020-25180?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-25180?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2020-25180 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.

Related Vulnerabilities

CVE-2019-10990

MEDIUM

CVSS:6.5(Medium)

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to ...

CWE-3212019

CVE-2019-13929

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a passw...

CWE-3212019

CVE-2019-17098

MEDIUM

CVSS:6.5(Medium)

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication ...

CWE-3212019

CVE-2023-20016

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to ...

CWE-3212023

CVE-2024-33849

MEDIUM

CVSS:6.5(Medium)

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.

CWE-3212024

CVE-2025-48417

MEDIUM

CVSS:6.5(Medium)

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An ...

CWE-3212025