Br-automation Automation_studio
10 CVEs affecting Br-automation Automation_studio. Latest disclosed: 2024-05-14. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-19108 | Critical | 9.4 | 2020-04-20 | An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthent… |
CVE-2024-0220 | High | 8.3 | 2024-02-22 | B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A n… |
CVE-2021-22282 | High | 8.3 | 2024-02-02 | Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issu… |
CVE-2020-24681 | High | 8.2 | 2024-02-02 | Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affec… |
CVE-2019-19100 | High | 7.5 | 2020-04-29 | A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP… |
CVE-2021-22280 | High | 7.2 | 2024-05-14 | Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of t… |
CVE-2020-24682 | High | 7.2 | 2024-02-02 | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Ele… |
CVE-2019-19101 | Medium | 6.5 | 2020-04-29 | A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3… |
CVE-2021-22281 | Medium | 6.3 | 2024-02-02 | : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: fro… |
CVE-2019-19102 | Medium | 5.5 | 2020-04-29 | A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated u… |