111 matches found
Design/Logic Flaw
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...
Directory traversal
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...
Privilege escalation
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2019-19100 Privilege escalation via B&R Automation Studio upgrade service
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2019-19100
The CVE-2019-19100 vulnerability affects B&R Automation Studio upgrade service and enables a local privilege escalation: authenticated users can delete arbitrary files via an exposed interface in Automation Studio versions 4.0.x, 4.1.x, 4.2.x and older builds prior to 4.3.11SP, 4.4.9SP, 4.5.4SP, ...
CVE-2019-19102
CVE-2019-19102 is a directory traversal (zip slip) vulnerability in SharpZipLib used by the upgrade service of B&R Automation Studio, affecting 4.0.x–4.2.x. It allows unauthenticated writers to create/overwrite files in local directories. CVSSv3.1 base score 7.5 (I:H) per NVD; base 5.5–5.0 in oth...
CVE-2019-19102 Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...
CVE-2019-19101
CVE-2019-19101 concerns a TLS validation flaw in the B&R Automation Studio upgrade service that allows unauthenticated users to perform MITM attacks via the upgrade server. Affected products: Automation Studio versions 4.0.x, 4.1.x, 4.2.x, and older builds prior to 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6...
CVE-2019-19101 Incomplete communication encryption and validation in B&R Automation Studio upgrade service
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...
B&R Automation Automation Studio Path Traversal Vulnerability
B&R Automation Automation Studio is an automation control system. A path traversal vulnerability exists in B&R Automation Automation Studio, which can be exploited by an attacker to write to certain local directories...
Unspecified Vulnerability in B&R Automation Automation Studio
B&R Automation Automation Studio is an automation control system. B&R Automation Automation Studio has a security vulnerability that can be exploited by an unauthenticated attacker to perform a MITM attack via the B&R Escalation Server...