111 matches found
EUVD-2021-9435
Malicious code in bioql PyPI...
EUVD-2021-9427
Malicious code in bioql PyPI...
EUVD-2022-35001
Malicious code in bioql PyPI...
EUVD-2021-9426
Malicious code in bioql PyPI...
EUVD-2021-9428
Malicious code in bioql PyPI...
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B upgrade server...
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2024-10490
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an...
CVE-2024-10490
The CVE-2024-10490 issue affects B&R mapp Cockpit, View, Services, Motion, and Vision prior to version 6.0, due to an Authentication Bypass in the OPC UA Server configuration. The root cause is an authentication bypass that can be triggered by an unauthenticated network-based attacker, potentiall...
Security Bulletin: Vulnerability affect IBM Business Automation Workflow - CVE-2024-37528
Summary IBM Business Automation Workflow Center is vulnerable to a Cross.Site Scripting attack. Vulnerability Details CVEID:CVE-2024-37528 DESCRIPTION: IBM CP4BA - Business Automation Studio Component is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
CVE-2021-22280
Improper DLL loading algorithms in B&R Automation Studio versions =4.0 and 4.12 may allow an authenticated local attacker to execute code in the context of the product...
CVE-2021-22280
Improper DLL loading algorithms in B&R Automation Studio versions =4.0 and 4.12 may allow an authenticated local attacker to execute code in the context of the product...
CVE-2021-22280
CVE-2021-22280 крат: B&R Automation Studio versions 4.0–4.11 suffer from improper DLL loading, enabling an authenticated local attacker to execute code in the product context. The issue is confirmed across multiple sources (PT-2024-10875, Red Hat/NVD records). Impact is local code execution with ...
CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio
Improper DLL loading algorithms in B&R Automation Studio versions =4.0 and 4.12 may allow an authenticated local attacker to execute code in the context of the product...
B&R Industrial Automation Studio 安全漏洞
B&R Industrial Automation Studio is a suite of integrated development environments IDEs from B&R Industrial Automation, an Austrian company that develops and programs its automation solutions. A security vulnerability exists in B&R Industrial Automation Studio versions prior to 4.12 that stems fr...
PT-2024-10875 · B&R · Automation Studio
Name of the Vulnerable Software and Affected Versions: B&R Automation Studio versions 4.0 through 4.11 Description: The issue is related to improper DLL loading algorithms, which may allow an authenticated local attacker to execute code in the context of the product with elevated privileges...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2024-0220
Affected software: B&R Automation Studio Upgrade Service and B&R Technology Guarding. Issue: insufficient cryptography in communications with upgrade and licensing servers, enabling a network attacker to potentially execute arbitrary code or sniff sensitive data. Root cause: cryptographic weaknes...