CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
9.0%
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
[
{
"defaultStatus": "unaffected",
"product": "Automation Studio",
"vendor": "B&R Industrial Automation",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.7.7 SP",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.6 SP",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.9.4 SP",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NET/PVI",
"vendor": "B&R Industrial Automation",
"versions": [
{
"lessThanOrEqual": "4.6",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThan": "4.7.7",
"status": "affected",
"version": "4.7.0",
"versionType": "custom"
},
{
"lessThan": "4.8.6",
"status": "affected",
"version": "4.8.0",
"versionType": "custom"
},
{
"lessThan": "4.9.4",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
]