Lucene search
K

111 matches found

CVE
CVE
added 2022/08/11 2:56 p.m.63 views

CVE-2021-22289

CVE-2021-22289 affects B&R Automation Studio 4 (version >= 4.0) and targets the project upload mechanism. It stems from improper input validation and could allow an unauthenticated network attacker to execute code remotely. Documents describe potential remote code execution, information disclo...

9.8CVSS9.4AI score0.00648EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/08/11 12:0 a.m.5 views

B&R Automation Studio 输入验证错误漏洞

B&R Automation Studio is an integrated software development environment from B&R Automation, an Austrian company. A security vulnerability exists in B&R Automation Studio versions above 4.0, which stems from an input validation vulnerability in the project upload mechanism that could allow an...

9.8CVSS8.4AI score0.00648EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2022/05/26 10:49 a.m.25 views

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities,"...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.58 views

Rockwell Automation Studio 5000 Logix Designer Improper Control of Generation of Code (CVE-2022-1159)

Rockwell Automation Studio 5000 Logix Designer all versions are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. This plugin only works with Tenable.ot. Please visit...

7.7CVSS7.3AI score0.03398EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.36 views

CVE-2022-26022 Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write

Omron CX-Position versions 2.5.3 and prior is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code...

7.8CVSS8.1AI score0.01409EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.36 views

CVE-2022-26417 Rockwell Automation Studio 5000 Logix Designer Use After Free

Omron CX-Position versions 2.5.3 and prior is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code...

7.8CVSS8.1AI score0.01409EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/04/01 10:17 p.m.25 views

CVE-2022-25959 Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer

Omron CX-Position versions 2.5.3 and prior is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code...

7.8CVSS8.2AI score0.0138EPSS
Exploits0References2
CNVD
CNVD
added 2022/01/21 12:0 a.m.17 views

IBM Cloud Pak for Automation Input Validation Error Vulnerability

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

5.4CVSS5.4AI score0.00771EPSS
Exploits0References1
NVD
NVD
added 2022/01/18 5:15 p.m.14 views

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...

5.4CVSS0.00771EPSS
Exploits0References2
OSV
OSV
added 2022/01/18 5:15 p.m.4 views

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...

5.4CVSS6AI score0.00771EPSS
Exploits0References2
Prion
Prion
added 2022/01/18 5:15 p.m.20 views

Cross site scripting

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...

3.5CVSS5.4AI score0.00771EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/01/18 4:50 p.m.48 views

CVE-2021-29872

IBM Cloud Pak for Automation 21.0.1 and 21.0.2 – Business Automation Studio component is vulnerable to HTTP header injection due to improper HOST header validation. A remote attacker can craft requests to inject the HOST header, enabling attacks such as cross-site scripting, cache poisoning, or s...

5.4CVSS5.4AI score0.00771EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.6 views

IBM Cloud Pak for Automation 安全漏洞

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

5.4CVSS5.5AI score0.00771EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/17 4:28 p.m.21 views

Security Bulletin: Host header injection vulnerability in Business Automation Studio in Cloud Pak for Automation (CVE-2021-29872)

Summary Business Automation Studio in IBM Cloud Pak for Automation is vulnerable to a host header injection attack. Vulnerability Details CVEID: CVE-2021-29872 DESCRIPTION: IBM ICP4A - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of...

5.4CVSS5.6AI score0.00771EPSS
Exploits0Affected Software1
CVE
CVE
added 2021/03/03 5:59 p.m.143 views

CVE-2021-22681

CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer (versions 21+) and RSLogix 5000 (16–20). The issue is “Insufficiently Protected Credentials” (CWE-522): an unauthenticated attacker could bypass the verification key used to confirm Logix controller communication and authentica...

9.8CVSS9.4AI score0.25455EPSS
In wildExploits1References2Affected Software3
Zero Day Initiative
Zero Day Initiative
added 2020/06/22 12:0 a.m.42 views

(Pwn2Own) Rockwell Automation Studio 5000 Version Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Version parameter provided to hmiisapi.dll...

5.3CVSS2AI score0.53024EPSS
Exploits3References1
NVD
NVD
added 2020/04/29 3:15 a.m.15 views

CVE-2019-19100

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...

7.5CVSS7.6AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2020/04/29 3:15 a.m.3 views

CVE-2019-19100

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...

7.1CVSS7.2AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2020/04/29 3:15 a.m.5 views

CVE-2019-19101

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...

5.9CVSS5.8AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2020/04/29 3:15 a.m.27 views

CVE-2019-19102

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...

7.5CVSS6.4AI score0.01246EPSS
Exploits0References1
Rows per page
Query Builder