A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
References
Link | Resource |
---|---|
https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/ | Broken Link Vendor Advisory |
https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/ | Broken Link Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
References | () https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/ - Broken Link, Vendor Advisory |
Information
Published : 2020-04-29 03:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19101
Mitre link : CVE-2019-19101
CVE.ORG link : CVE-2019-19101
JSON object : View
Products Affected
br-automation
- automation_studio