CVE-2019-19101

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:34

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : 5.9
v2 : 4.3
v3 : 6.5
References () https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/ - Broken Link, Vendor Advisory () https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/ - Broken Link, Vendor Advisory

Information

Published : 2020-04-29 03:15

Updated : 2024-11-21 04:34


NVD link : CVE-2019-19101

Mitre link : CVE-2019-19101

CVE.ORG link : CVE-2019-19101


JSON object : View

Products Affected

br-automation

  • automation_studio
CWE
CWE-326

Inadequate Encryption Strength

CWE-295

Improper Certificate Validation