CVE-2019-19101 Information

Description

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x 4.1.x 4.2.x 4.3.11SP 4.4.9SP 4.5.5SP 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.9