CVE-2019-19102

Summary

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.

Affected Software

VendorProductVersion RangeStatus
B&RAutomation Studio4.0.xaffected
B&RAutomation Studio4.1.xaffected
B&RAutomation Studio4.2.xaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References