CVE-2019-19102

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
ABBCNA
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
br-automationautomation_studio
4.0 ≤
𝑥
≤ 4.0.32.15
br-automationautomation_studio
4.1 ≤
𝑥
≤ 4.1.17.113
br-automationautomation_studio
4.2 ≤
𝑥
≤ 4.2.14.119
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/
https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/