Lucene search

ABBCVELIST:CVE-2021-22281

HistoryFeb 02, 2024 - 7:24 a.m.

CVE-2021-22281 Zip Slip Vulnerability in B&R Automation Studio Project Import

2024-02-0207:24:29

CWE-23

ABB

www.cve.org

cve-2021-22281

zip slip

b&r automation studio

project import

relative path traversal

industrial automation

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

18.0%

JSON

: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Automation Studio",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "4.12",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

18.0%

JSON

Related for CVELIST:CVE-2021-22281