Lucene search
K

111 matches found

Prion
Prion
added 2020/04/29 3:15 a.m.15 views

Design/Logic Flaw

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...

4.3CVSS6.2AI score0.00515EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/29 3:15 a.m.18 views

Directory traversal

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...

5CVSS7.4AI score0.01246EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/29 3:15 a.m.10 views

Privilege escalation

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...

3.6CVSS7AI score0.00262EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/29 2:9 a.m.23 views

CVE-2019-19100 Privilege escalation via B&R Automation Studio upgrade service

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...

7.5CVSS7.6AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2020/04/29 2:9 a.m.92 views

CVE-2019-19100

The CVE-2019-19100 vulnerability affects B&R Automation Studio upgrade service and enables a local privilege escalation: authenticated users can delete arbitrary files via an exposed interface in Automation Studio versions 4.0.x, 4.1.x, 4.2.x and older builds prior to 4.3.11SP, 4.4.9SP, 4.5.4SP, ...

7.5CVSS7.1AI score0.00262EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/04/29 2:7 a.m.107 views

CVE-2019-19102

CVE-2019-19102 is a directory traversal (zip slip) vulnerability in SharpZipLib used by the upgrade service of B&R Automation Studio, affecting 4.0.x–4.2.x. It allows unauthenticated writers to create/overwrite files in local directories. CVSSv3.1 base score 7.5 (I:H) per NVD; base 5.5–5.0 in oth...

7.5CVSS6.4AI score0.01246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/29 2:7 a.m.28 views

CVE-2019-19102 Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...

5.5CVSS7.5AI score0.01246EPSS
Exploits0References1
CVE
CVE
added 2020/04/29 2:7 a.m.93 views

CVE-2019-19101

CVE-2019-19101 concerns a TLS validation flaw in the B&R Automation Studio upgrade service that allows unauthenticated users to perform MITM attacks via the upgrade server. Affected products: Automation Studio versions 4.0.x, 4.1.x, 4.2.x, and older builds prior to 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6...

6.5CVSS6.2AI score0.00515EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/29 2:7 a.m.28 views

CVE-2019-19101 Incomplete communication encryption and validation in B&R Automation Studio upgrade service

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...

6.5CVSS6.4AI score0.00515EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/03 12:0 a.m.5 views

B&R Automation Automation Studio Path Traversal Vulnerability

B&R Automation Automation Studio is an automation control system. A path traversal vulnerability exists in B&R Automation Automation Studio, which can be exploited by an attacker to write to certain local directories...

7.5CVSS6.8AI score0.01246EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/03 12:0 a.m.4 views

Unspecified Vulnerability in B&R Automation Automation Studio

B&R Automation Automation Studio is an automation control system. B&R Automation Automation Studio has a security vulnerability that can be exploited by an unauthenticated attacker to perform a MITM attack via the B&R Escalation Server...

6.5CVSS7.1AI score0.00515EPSS
Exploits0References1
Rows per page
Query Builder