B&R Industrial Automation Security Vulnerabilities

Security Bulletin: IBM Automation Decision Services - April 2024 -Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details ** CVEID: CVE-2024-31906 DESCRIPTION: **IBM Automation...

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system...

K000139653: Intel(R) QAT Library vulnerability CVE-2023-22313

Security Advisory Description Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-22313) Impact There is no impact; F5 products are not affected by this...

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...

CVE-2022-33324

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...

Threat landscape for industrial automation systems, Q1 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of...

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

ECOA Building Automation System - Directory Traversal Content Disclosure

The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected...

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2023-6028

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...

CVE-2024-34913

An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

Security Bulletin: IBM WebSphere Automation is vulnerable to cross-site scripting (CVE-2024-28775)

Summary IBM WebSphere Automation is vulnerable to cross-site scripting. Vulnerability Details ** CVEID: CVE-2024-28775 DESCRIPTION: **IBM WebSphere Automation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2022-38710

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...

CVE-2024-37304

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to...

Exploit for Improper Authentication in Ivanti Automation

PoC for CVE-2022-44569 for Ivanti Automation Manager,...

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

CVE-2023-3242

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...

CVE-2023-45158

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the...

Denial of service in flux controllers in github.com/fluxcd modules

Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured variations of these fields), causing...

Security Bulletin: IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability (CVE-2024-28764)

Summary IBM WebSphere Automation is vulnerable to a Privilege Escalation vulnerability. Vulnerability Details ** CVEID: CVE-2024-28764 DESCRIPTION: **IBM WebSphere Automation could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute...

CVE-2023-3971

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete...

CVE-2023-5828

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the...

Regular Expression Denial Of Service (ReDoS)

django is vulnerable to Regular Expression Denial of Service (ReDoS). A remote attacker is able to cause denial of service conditions through the EmailValidator or URLValidator functions via submitting a large number of domain name labels of emails and...

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.5 Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a remote authenticated attacker to execute...

R Programming Language Installed (Windows)

The R Programming Language is installed on the remote Windows...

RHEL 8 : r (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)...

CVE-2022-3205

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS...

CVE-2024-0220

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive...

RHEL 8 : r (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. R: local buffer overflow in GUI preferences (CVE-2018-9060) Note that Nessus has not tested for this issue but has...

CVE-2021-22280

Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the...

CVE-2020-9015

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly...

Invisible PiP windows in R

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Security Bulletin: WebSphere Application Server traditional is vulnerable to a server-side request forgery (SSRF) vulnerability (CVE-2024-22329)

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager ( CVE-2024-22329) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...

CVE-2018-19093

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control...

Security Bulletin: IBM Event Processing is vulnerable to high confidentiality, integrity and availability impacts (CVE-2023-22102).

Summary MySQL Connector/J versions used by IBM Event Processing are susceptible to a difficult to exploit vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person....

CVE-2022-33146

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-22354)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service attack (CVE-2023-51074).

Summary IBM Event Endpoint Management is vulnerable to a denial of service due to json-path component, caused by a stack-based buffer overflow in the Criteria.parse method.It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document. ...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-22329)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business...

Security Bulletin: WebSphere Application Server traditional could provide weaker than expected security for outbound SSL connections (CVE-2023-50313 )

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....

Security Bulletin: IBM Event Processing is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability (CVE-2023-26159).

Summary There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse() function. This vulnerability can be exploited by manipulating the hostname when new URL()...

Security Bulletin: IBM Event Processing is vulnerable to a denial of service attack (CVE-2023-51074).

Summary IBM Event Processing is vulnerable to a denial of service due to json-path component , caused by a stack-based buffer overflow in the Criteria.parse method. It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document. ...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability.

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager ( CVE-2024-22354 ) Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...