
1. EXECUTIVE SUMMARY

- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: B&R Automation
- Equipment: Automation Studio
- Vulnerabilities: Improper Privilege Management, Missing Required Cryptographic Step, Path Traversal

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from the affected system, fetch arbitrary files, or perform arbitrary write operations.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

B&R Automation reports the vulnerabilities affect the following versions of Automation Studio:

- Automation Studio, versions prior to 4.3.11SP
- Automation Studio, versions prior to 4.4.9SP
- Automation Studio, versions prior to 4.5.4SP
- Automation Studio, versions prior to 4.6.3SP
- Automation Studio, versions prior to 4.7.2
- Automation Studio, versions prior to 4.8.1

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio could allow authenticated users to delete arbitrary files via an exposed interface.

CVE-2019-19100 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H).

3.2.2 MISSING REQUIRED CRYPTOGRAPHIC STEP CWE-325

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio enable unauthenticated users to perform MITM attacks via the B&R upgrade server.

CVE-2019-19101 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
