CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22280 – DLL Hijacking Vulnerability in Automation Studio
https://notcve.org/view.php?id=CVE-2021-22280
14 May 2024 — Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. Los algoritmos de carga de DLL inadecuados en B&R Automation Studio pueden permitir que un atacante local autenticado ejecute código con privilegios elevados. Este problema afecta a las versiones de Automation Studio anteriores a la 4.12. • https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22281 – Zip Slip Vulnerability in B&R Automation Studio Project Import
https://notcve.org/view.php?id=CVE-2021-22281
02 Feb 2024 — : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. : La vulnerabilidad de Path Traversal en B&R Industrial Automation Automation Studio permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Automation Studio: desde 4.0 hasta 4.12. • https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24682 – Automation Studio and PVI Multiple unquoted service path vulnerabilities
https://notcve.org/view.php?id=CVE-2020-24682
02 Feb 2024 — Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. Vulnerabilidad de elemento o ruta de búsqueda sin comillas en B&R Industrial Autom... • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24681 – Automation Studio and PVI Multiple incorrect permission assignments for services
https://notcve.org/view.php?id=CVE-2020-24681
02 Feb 2024 — Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. La asignación de permisos incorrecta para la vulnerabilidad de recursos críticos en B&R Industrial Automation Automation Studio permite la escalada de privilegios. Este problema afecta a Automation Studio: desde 4.6.0... • https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22282 – RCE in B&R Automation Studio with crafted project files
https://notcve.org/view.php?id=CVE-2021-22282
02 Feb 2024 — Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. Un algoritmo de copia incorrecto en el componente de extracción de proyectos en B&R Automation Studio 4 puede permitir que un atacante no autenticado ejecute código. Este problema afecta a Automation Studio: desde 4.X hasta 4.0. • https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •