CVE-2019-19100

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, < 4.6.3SP, < 4.7.2 and < 4.8.1 allows authenticated users to delete arbitrary files via an exposed interface.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| ABB | CNA | 7.5 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H |
| CVE | ADP | --- | --- | | | |

EPSS Score percentile: 11%

| Vendor | Product | Version |
|---|---|---|
| br-automation | automation_studio | 4.0 ≤ 𝑥 ≤ 4.0.29.87 |
| br-automation | automation_studio | 4.1 ≤ 𝑥 ≤ 4.1.17.113 |
| br-automation | automation_studio | 4.2 ≤ 𝑥 ≤ 4.2.14.119 |
| br-automation | automation_studio | 4.3 ≤ 𝑥 < 4.3.11 |
| br-automation | automation_studio | 4.4 ≤ 𝑥 < 4.4.9 |
| br-automation | automation_studio | 4.5 ≤ 𝑥 < 4.5.4 |
| br-automation | automation_studio | 4.6 ≤ 𝑥 < 4.6.3 |
| br-automation | automation_studio | 4.7 ≤ 𝑥 < 4.7.2 |
| br-automation | automation_studio | 4.8 |

𝑥 = Vulnerable software versions

Common Weakness Enumeration