Br-automation Automation Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Br-automation Automation Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-19108 — CVSS 9.4 (critical): An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and…
CVE-2024-0220 — CVSS 8.3 (high): B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the…
CVE-2021-22282 — CVSS 8.3 (high): Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local…
CVE-2020-24681 — CVSS 8.2 (high): Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege…
CVE-2019-19100 — CVSS 7.5 (high): A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, <…
CVE-2020-24682 — CVSS 7.2 (high): Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows…
CVE-2021-22280 — CVSS 7.2 (high): Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code…
CVE-2019-19101 — CVSS 6.5 (medium): A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x…
CVE-2019-19102 — CVSS 5.5 (medium): A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x…