CVE-2021-22275 – Denial of service vulnerability on Automation Runtime webserver
https://notcve.org/view.php?id=CVE-2021-22275
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1625405588264-en-original-1.0.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-19878
https://notcve.org/view.php?id=CVE-2019-19878
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf
CVE-2019-19877
https://notcve.org/view.php?id=CVE-2019-19877
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-19876
https://notcve.org/view.php?id=CVE-2019-19876
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-19875
https://notcve.org/view.php?id=CVE-2019-19875
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')