Rewterz Threat Advisory – ICS: B&R Automation Studio Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-19100

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio could allow authenticated users to delete arbitrary files via an exposed interface.

CVE-2019-19101

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio enable unauthenticated users to perform MITM attacks via the B&R upgrade server.

CVE-2019-19102

A directory traversal vulnerability in SharpZipLib, used in the upgrade service in B&R Automation Studio, allows unauthenticated users to write to certain local directories. The vulnerability is also known as “zip slip.”

Impact

  • Privilege escalation
  • Path Traversal

Affected Vendors

B&R Automation

Affected Products

Automation Studio

Remediation

Refer to the ICS advisory for the complete list of affected products and updates.

https://www.us-cert.gov/ics/advisories/icsa-20-093-01