Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19101 | 1 Br-automation | 1 Automation Studio | 2021-11-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server. | |||||
| CVE-2019-19100 | 1 Br-automation | 1 Automation Studio | 2021-09-14 | 3.6 LOW | 7.1 HIGH |
| A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface. | |||||
| CVE-2019-19102 | 1 Br-automation | 1 Automation Studio | 2020-05-08 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip. | |||||
| CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2020-04-29 | 7.5 HIGH | 9.4 CRITICAL |
| An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | |||||