SB2020040611 - Multiple vulnerabilities in B&R Automation Studio

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020040611

SB2020040611 - Multiple vulnerabilities in B&R Automation Studio

Published: April 6, 2020

Security Bulletin ID SB2020040611
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-19100)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks in the upgrade service. A local user can delete arbitrary files via an exposed interface.

This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • 2) Missing Required Cryptographic Step (CVE-ID: CVE-2019-19101)

    The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

    The vulnerability exists due to the missing secure communication definition and an incomplete TLS validation in the upgrade service. A remote attacker can perform MitM attacks via the B&R upgrade server. 

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • 3) Path traversal (CVE-ID: CVE-2019-19102)

    The vulnerability allows a local attacker to perform directory traversal attacks.

    The vulnerability exists due to input validation error when processing directory traversal sequences in SharpZipLib used in the upgrade service. A local attacker can send a specially crafted HTTP request and read arbitrary files on the system.

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • Remediation

    Install update from vendor's website.

    References