37 matches found
CVE-2021-22280
Improper DLL loading algorithms in B Automation Studio versions =4.0 and 4.12 may allow an authenticated local attacker to execute code in the context of the product...
CVE-2021-22289
Improper Input Validation vulnerability in the project upload mechanism in B Automation Studio version =4.0 may allow an unauthenticated network attacker to execute code...
EUVD-2019-8737
Malware in sbrugna...
EUVD-2019-8738
Malware in sbrugna...
EUVD-2019-8739
Malware in sbrugna...
EUVD-2021-9435
Malicious code in bioql PyPI...
EUVD-2021-9427
Malicious code in bioql PyPI...
EUVD-2021-9426
Malicious code in bioql PyPI...
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B upgrade server...
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.4SP, . 4.6.3SP, 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface...
CVE-2021-22280
Improper DLL loading algorithms in B&R Automation Studio versions =4.0 and 4.12 may allow an authenticated local attacker to execute code in the context of the product...
CVE-2021-22280
CVE-2021-22280 крат: B&R Automation Studio versions 4.0–4.11 suffer from improper DLL loading, enabling an authenticated local attacker to execute code in the product context. The issue is confirmed across multiple sources (PT-2024-10875, Red Hat/NVD records). Impact is local code execution with ...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2024-0220
Affected software: B&R Automation Studio Upgrade Service and B&R Technology Guarding. Issue: insufficient cryptography in communications with upgrade and licensing servers, enabling a network attacker to potentially execute arbitrary code or sniff sensitive data. Root cause: cryptographic weaknes...
CVE-2024-0220 B&R products use insufficient communication encryption
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data...
CVE-2021-22281 Zip Slip Vulnerability in B&R Automation Studio Project Import
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12...
CVE-2021-22281 Zip Slip Vulnerability in B&R Automation Studio Project Import
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12...
CVE-2021-22282 RCE in B&R Automation Studio with crafted project files
Improper Control of Generation of Code 'Code Injection' vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12...
CVE-2021-22282
The CVE-2021-22282 issue affects B&R Industrial Automation Automation Studio versions 4.0–4.12. The root cause is an improper control of code generation stemming from an improper copy algorithm in the project extraction component, which can enable local code execution. The impact is that an unaut...