SB2020040611 - Multiple vulnerabilities in B&R Automation Studio

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020040611

SB2020040611 - Multiple vulnerabilities in B&R Automation Studio

Published: April 6, 2020

Security Bulletin ID SB2020040611
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-19100)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permission checks in the upgrade service. A local user can delete arbitrary files via an exposed interface.

This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • 2) Missing Required Cryptographic Step (CVE-ID: CVE-2019-19101)

    CWE-ID: CWE-325 - Missing Required Cryptographic Step

    CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


    The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

    The vulnerability exists due to the missing secure communication definition and an incomplete TLS validation in the upgrade service. A remote attacker can perform MitM attacks via the B&R upgrade server. 

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • 3) Path traversal (CVE-ID: CVE-2019-19102)

    CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


    The vulnerability allows a local attacker to perform directory traversal attacks.

    The vulnerability exists due to input validation error when processing directory traversal sequences in SharpZipLib used in the upgrade service. A local attacker can send a specially crafted HTTP request and read arbitrary files on the system.

    This vulnerability affects the following versions:

  • Automation Studio, Versions 4.0.x
  • Automation Studio, Versions 4.1.x
  • Automation Studio, Versions 4.2.x
  • Automation Studio, versions prior to 4.3.11SP
  • Automation Studio, versions prior to 4.4.9SP
  • Automation Studio, versions prior to 4.5.4SP
  • Automation Studio, versions prior to 4.6.3SP
  • Automation Studio, versions prior to 4.7.2
  • Automation Studio, versions prior to 4.8.1

    • Remediation

    Install update from vendor's website.

    References