Vulnerability in B&r Automation Runtime
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
EPSS: 0.017 (73.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.4 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H.
Affected products
- B&r Automation Runtime — versions 2 <= 2.96, 3 <= 3.10, 4 <= 4.72
- Br-automation Automation_runtime — versions 2.96, 3.00, 3.01
- Br-automation Automation_studio — versions 2.7, 3.0.71, 3.0.80
Weakness classification (CWE)
References
- cybersecurity@ch.abb.com (x_refsource_CONFIRM, Vendor Advisory)
- cybersecurity@ch.abb.com (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-19108?
- CVE-2019-19108 is a critical-severity vulnerability in B&r Automation Runtime, classified under Use of Hard-coded Credentials. CVSS score: 9.4/10. Published 2020-04-20.
- How severe is CVE-2019-19108?
- Critical severity. CVSS v3 base score is 9.4 out of 10.