#VU25500 Improper Authorization in Automation Studio and Automation Runtime - CVE-2019-19108
Vulnerability identifier: #VU25500
Vulnerability risk: High
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Automation Studio
Other software /
Other software solutions
Automation Runtime
Server applications /
Frameworks for developing and running applications
Vendor: B&R Industrial Automation GmbH
Description
The vulnerability allows an attacker to bypass authorization checks.
The vulnerability exists due to a weakness in SNMP service. A remote attacker can modify the configuration of affected devices via the service.
The following versions of B&R products are affected:
- Automation Studio Versions 2.7, 3.0.71, 3.0.80, 3.0.81, 3.0.90, 4.0.x to 4.6.4, and 4.7.2
- Automation Runtime Versions 2.96, 3.00, 3.01, 3.06, 3.07, 3.08 to 3.10, 4.00 to 4.03, 4.04 to 4.03, 4.04 to 4.63, 4.72 and above.
Mitigation
Vendor recommends to update to the following versions.
- AS 4.6.5 (Planned release date: 2020-03-27) and higher
- AS 4.7.3 (Planned release date: 2020-04-10) and higher
- AS 4.8.2 (Planned release date: 2020-06-11) and higher
Vulnerable software versions
Automation Studio: All versions
Automation Runtime: All versions
External links
https://ics-cert.us-cert.gov/advisories/icsa-20-051-01
https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
