Multiple vulnerabilities in B&R Automation Studio



Published: 2020-04-06
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-19100
CVE-2019-19101
CVE-2019-19102
CWE-ID CWE-264
CWE-325
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Automation Studio
Other software / Other software solutions

Vendor B&R Industrial Automation GmbH

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU26604

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19100

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks in the upgrade service. A local user can delete arbitrary files via an exposed interface.

This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • Mitigation

    Install updates from vendor's website.

    Vulnerable software versions

    Automation Studio: before 4.8.1

    CPE2.3 External links

    http://ics-cert.us-cert.gov/advisories/icsa-20-093-01
    http://www.br-automation.com/en-gb/service/cyber-security/

    Q & A

    Can this vulnerability be exploited remotely?

    Is there known malware, which exploits this vulnerability?

    2) Missing Required Cryptographic Step

    EUVDB-ID: #VU26605

    Risk: Medium

    CVSSv3.1:

    CVE-ID: CVE-2019-19101

    CWE-ID: CWE-325 - Missing Required Cryptographic Step

    Exploit availability: No

    Description

    The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

    The vulnerability exists due to the missing secure communication definition and an incomplete TLS validation in the upgrade service. A remote attacker can perform MitM attacks via the B&R upgrade server. 

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • Mitigation

    Install updates from vendor's website.

    Vulnerable software versions

    Automation Studio: before 4.8.1

    CPE2.3 External links

    http://ics-cert.us-cert.gov/advisories/icsa-20-093-01
    http://www.br-automation.com/en-gb/service/cyber-security/

    Q & A

    Can this vulnerability be exploited remotely?

    Is there known malware, which exploits this vulnerability?

    3) Path traversal

    EUVDB-ID: #VU26606

    Risk: Low

    CVSSv3.1:

    CVE-ID: CVE-2019-19102

    CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    Exploit availability: No

    Description

    The vulnerability allows a local attacker to perform directory traversal attacks.

    The vulnerability exists due to input validation error when processing directory traversal sequences in SharpZipLib used in the upgrade service. A local attacker can send a specially crafted HTTP request and read arbitrary files on the system.

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • Mitigation

    Install update from vendor's website.

    Vulnerable software versions

    Automation Studio: before 4.8.1

    CPE2.3 External links

    http://ics-cert.us-cert.gov/advisories/icsa-20-093-01
    http://www.br-automation.com/en-gb/service/cyber-security/

    Q & A

    Can this vulnerability be exploited remotely?

    Is there known malware, which exploits this vulnerability?



    ###SIDEBAR###