Rockwell Automation ISaGRAF5 Runtime (Update A)


2021-06-17 14:00:39 UTC


This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5 Runtime to the ICS webpage on on June 8, 2021. This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element, and Cleartext Transmission of Sensitive Information vulnerabilities in Rockwell Automation's ISaGRAF5 Runtime automation software.