Br-automation Security Vulnerabilities
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
7.5CVSS
6.9AI Score
0.0004EPSS
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade serv...
6.5CVSS
5.6AI Score
0.001EPSS
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
7.5CVSS
7.4AI Score
0.001EPSS
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
9.4CVSS
9.2AI Score
0.001EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.
9.8CVSS
9.6AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.
7.5CVSS
7.4AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.
9.8CVSS
9.7AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
9.8CVSS
9.4AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
9.8CVSS
9.5AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.
5.3CVSS
5.1AI Score
EPSS
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.
7.5CVSS
7.4AI Score
EPSS
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
7.5CVSS
7.3AI Score
0.001EPSS
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
7.7CVSS
6.1AI Score
0.001EPSS
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
7.7CVSS
6.2AI Score
0.001EPSS
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
6.5CVSS
6.1AI Score
0.001EPSS
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.
6.5CVSS
6.1AI Score
0.001EPSS
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
6.5CVSS
6.2AI Score
0.001EPSS
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
4.3CVSS
4.7AI Score
0.001EPSS
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
8.8CVSS
8.7AI Score
0.0004EPSS
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4....
7.8CVSS
7.6AI Score
0.0004EPSS
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
8.6CVSS
8.3AI Score
0.001EPSS
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.
7.5CVSS
7.5AI Score
0.0005EPSS
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.
8.3CVSS
7.8AI Score
0.001EPSS
Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
9.8CVSS
9.5AI Score
0.003EPSS
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.
6.1CVSS
5.9AI Score
0.001EPSS
Missing authentication when creating andmanaging the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
9.4CVSS
7.6AI Score
0.001EPSS
Lack of verification in B&R APROLTbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
9.8CVSS
9.3AI Score
0.002EPSS
Insufficient check of preconditions could leadto Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
7.5CVSS
7.6AI Score
0.001EPSS
Insufficient validation of input parameters whenchanging configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in bufferoverflow. This may lead to Denial-of-Service conditions or execution ofarbitrary code.
9.8CVSS
9.3AI Score
0.002EPSS
B&R APROL versions < R 4.2-07 doesn’t process correctly speciallyformatted data packages sent to port 55502/tcp, which may allow a network basedattacker to cause an application Denial-of-Service.
7.5CVSS
7.3AI Score
0.001EPSS
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...
9.8CVSS
9.6AI Score
0.003EPSS
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions.
8.6CVSS
5.7AI Score
0.001EPSS
A reflectedcross-site scripting (XSS) vulnerability exists in the SVG version of SystemDiagnostics Manager of B&R Automation Runtime versions <= G4.93 thatenables a remote attacker to execute arbitrary JavaScript code in the contextof the attacked user’s browser session.
6.1CVSS
6AI Score
0.001EPSS
The FTP server used on the B&RAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conductman-in-the-middle attacks or to decrypt communications between the affected productclients.
9.8CVSS
9.3AI Score
0.001EPSS
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
7.8CVSS
7.2AI Score
0.0004EPSS
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
7.8CVSS
7.1AI Score
0.0004EPSS
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session
6.1CVSS
5.9AI Score
0.0005EPSS