111 matches found
CVE-2021-22289
CVE-2021-22289 affects B&R Automation Studio 4 (version >= 4.0) and targets the project upload mechanism. It stems from improper input validation and could allow an unauthenticated network attacker to execute code remotely. Documents describe potential remote code execution, information disclo...
B&R Automation Studio 输入验证错误漏洞
B&R Automation Studio is an integrated software development environment from B&R Automation, an Austrian company. A security vulnerability exists in B&R Automation Studio versions above 4.0, which stems from an input validation vulnerability in the project upload mechanism that could allow an...
Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities
Cybersecurity researchers are calling attention to a free-to-use browser automation framework that's being increasingly used by threat actors as part of their attack campaigns. "The framework contains numerous features which we assess may be utilized in the enablement of malicious activities,"...
Rockwell Automation Studio 5000 Logix Designer Improper Control of Generation of Code (CVE-2022-1159)
Rockwell Automation Studio 5000 Logix Designer all versions are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. This plugin only works with Tenable.ot. Please visit...
CVE-2022-26022 Rockwell Automation Studio 5000 Logix Designer Out-of-Bounds Write
Omron CX-Position versions 2.5.3 and prior is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code...
CVE-2022-26417 Rockwell Automation Studio 5000 Logix Designer Use After Free
Omron CX-Position versions 2.5.3 and prior is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code...
CVE-2022-25959 Rockwell Automation Studio 5000 Logix Designer Improper Restriction of Operations within the Bounds of a Memory Buffer
Omron CX-Position versions 2.5.3 and prior is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code...
IBM Cloud Pak for Automation Input Validation Error Vulnerability
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...
CVE-2021-29872
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...
CVE-2021-29872
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...
Cross site scripting
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP...
CVE-2021-29872
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 – Business Automation Studio component is vulnerable to HTTP header injection due to improper HOST header validation. A remote attacker can craft requests to inject the HOST header, enabling attacks such as cross-site scripting, cache poisoning, or s...
IBM Cloud Pak for Automation 安全漏洞
IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...
Security Bulletin: Host header injection vulnerability in Business Automation Studio in Cloud Pak for Automation (CVE-2021-29872)
Summary Business Automation Studio in IBM Cloud Pak for Automation is vulnerable to a host header injection attack. Vulnerability Details CVEID: CVE-2021-29872 DESCRIPTION: IBM ICP4A - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of...
CVE-2021-22681
CVE-2021-22681 affects Rockwell Automation Studio 5000 Logix Designer (versions 21+) and RSLogix 5000 (16–20). The issue is “Insufficiently Protected Credentials” (CWE-522): an unauthenticated attacker could bypass the verification key used to confirm Logix controller communication and authentica...
(Pwn2Own) Rockwell Automation Studio 5000 Version Missing Authentication for Critical Function Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Version parameter provided to hmiisapi.dll...
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...