CVE-2019-19100 Information

Feb 14, 2021 cve

Description

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x 4.1.x 4.2.x 4.3.11SP 4.4.9SP 4.5.4SP . 4.6.3SP 4.7.2 and 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Reference

https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1

Share on: