Lucene search

ABBCVELIST:CVE-2021-22282

HistoryFeb 02, 2024 - 6:38 a.m.

CVE-2021-22282 RCE in B&R Automation Studio with crafted project files

2024-02-0206:38:32

CWE-94

ABB

www.cve.org

cve-2021-22282

code injection

automation studio

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Automation Studio",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "4.12",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-22282