Main Vulnerability Database Vulnerabilities #VU26605

#VU26605 Missing Required Cryptographic Step in Automation Studio - CVE-2019-19101

Published: April 6, 2020

Vulnerability identifier: #VU26605

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-19101

CWE-ID: CWE-325

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Automation Studio

Software vendor:
B&R Industrial Automation GmbH

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the missing secure communication definition and an incomplete TLS validation in the upgrade service. A remote attacker can perform MitM attacks via the B&R upgrade server.

This vulnerability affects the following versions:

Automation Studio, Versions 4.0.x

Automation Studio, Versions 4.1.x

Automation Studio, Versions 4.2.x

Automation Studio, versions prior to 4.3.11SP

Automation Studio, versions prior to 4.4.9SP

Automation Studio, versions prior to 4.5.4SP

Automation Studio, versions prior to 4.6.3SP

Automation Studio, versions prior to 4.7.2

Automation Studio, versions prior to 4.8.1

Remediation

Install updates from vendor's website.

#VU26605 Missing Required Cryptographic Step in Automation Studio - CVE-2019-19101

Description

Remediation

External links

Please verify you're human