Rockwell Automation ISaGRAF5 Runtime (Update A)

Published

2021-06-17 14:00:39 UTC

Summary

This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5 Runtime to the ICS webpage on us-cert.cisa.gov on June 8, 2021. This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Unprotected Storage of Credentials, Relative Path Traversal, Uncontrolled Search Path Element, and Cleartext Transmission of Sensitive Information vulnerabilities in Rockwell Automation's ISaGRAF5 Runtime automation software.