SB2020022107 - Improper Authorization in B&R Industrial Automation Automation Studio and Automation Runtime




Published: February 21, 2020

Security Bulletin ID: SB2020022107
Severity: High
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Authorization (CVE-ID: CVE-2019-19108)

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to a weakness in the SNMP service. A remote attacker can modify the configuration of affected devices via the service.

The following versions of B&R products are affected:

  • Automation Studio Versions 2.7, 3.0.71, 3.0.80, 3.0.81, 3.0.90, 4.0.x to 4.6.4, and 4.7.2
  • Automation Runtime Versions 2.96, 3.00, 3.01, 3.06, 3.07, 3.08 to 3.10, 4.00 to 4.03, 4.04 to 4.03, 4.04 to 4.63, 4.72 and above.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.