Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25191
Reference (s):
- https://us-cert.cisa.gov/ics/advisories/icsa-20-338-01
- URL: https://us-cert.cisa.gov/ics/advisories/icsa-20-338-01