{"cve":{"cve_id":"CVE-2020-25176","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.06062,"epss_percentile":0.92447,"epss_as_of":"2026-06-23","description":"Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.","published_at":"2022-03-18T18:00:31Z","last_modified_at":null,"cvss_v3_score":9.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-23"],"nvd_references":["https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01","https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699","https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04","https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:13:53.790539Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"rockwell-automation","vendor_name":"Rockwell Automation","product_slug":"isagraf-runtime","product_name":"ISaGRAF Runtime","version_start":"4.x","version_start_inclusive":true,"version_end":"4.x","version_end_inclusive":true,"cpe23_uri":"cve5:rockwell-automation:isagraf-runtime:4.x:4.x"},{"vendor_slug":"rockwell-automation","vendor_name":"Rockwell Automation","product_slug":"isagraf-runtime","product_name":"ISaGRAF Runtime","version_start":"5.x","version_start_inclusive":true,"version_end":"5.x","version_end_inclusive":true,"cpe23_uri":"cve5:rockwell-automation:isagraf-runtime:5.x:5.x"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699","source_type":"MISC","tags":[]},{"url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04","source_type":"MISC","tags":[]},{"url":"https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2022-03-18T18:00:31Z","label":"CVE published","source":null},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"}]}