CVE-2019-19101
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| B&R | Automation Studio | 4.0.x | affected |
| B&R | Automation Studio | 4.1.x | affected |
| B&R | Automation Studio | 4.2.x | affected |
| B&R | Automation Studio | < 4.3.11SP | affected |
| B&R | Automation Studio | < 4.4.9SP | affected |
| B&R | Automation Studio | < 4.5.5SP | affected |
| B&R | Automation Studio | < 4.6.3SP | affected |
| B&R | Automation Studio | < 4.7.2 | affected |
Weaknesses
- CWE-326: CWE-326 Inadequate Encryption Strength
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.