CVE-2021-22280

DLL Hijacking Vulnerability in Automation Studio

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.

Los algoritmos de carga de DLL inadecuados en B&R Automation Studio pueden permitir que un atacante local autenticado ejecute código con privilegios elevados. Este problema afecta a las versiones de Automation Studio anteriores a la 4.12.

*Credits: N/A

CVSS Scores

Asea Brown Boveri Ltd. (ABB)v3.1 7.2

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-01-05 CVE Reserved
2024-05-14 CVE Published
2024-05-15 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source
https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
B&R Industrial Automation Search vendor "B&R Industrial Automation"		Automation Studio Search vendor "B&R Industrial Automation" for product "Automation Studio"				< 4.12 Search vendor "B&R Industrial Automation" for product "Automation Studio" and version " < 4.12"		en		Affected