Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Automation Runtime by B&R

    CVE-2020-11637 (GCVE-0-2020-11637)

    Vulnerability from nvd – Published: 2020-10-15 15:08 – Updated: 2024-09-16 16:33
    VLAI
    Title
    Automation Runtime TFTP Service DoS Vulnerability
    Summary
    A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
    CWE
    • CWE-401 - Improper Release of Memory Before Removing Last Reference
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Automation Runtime Affected: unspecified , ≤ 4.1x (custom)
    Affected: 4.2x , < N4.26 (custom)
    Affected: 4.3x , < N4.34 (custom)
    Affected: 4.4x , < F4.45 (custom)
    Affected: 4.5x , < E4.53 (custom)
    Affected: 4.6x , < D4.63 (custom)
    Affected: 4.7x , < A4.73 (custom)
    Create a notification for this product.
    Date Public
    2020-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Runtime",
              "vendor": "B\u0026R",
              "versions": [
                {
                  "lessThanOrEqual": "4.1x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "N4.26",
                  "status": "affected",
                  "version": "4.2x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "N4.34",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "F4.45",
                  "status": "affected",
                  "version": "4.4x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "E4.53",
                  "status": "affected",
                  "version": "4.5x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "D4.63",
                  "status": "affected",
                  "version": "4.6x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "A4.73",
                  "status": "affected",
                  "version": "4.7x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T15:08:14.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Runtime TFTP Service DoS Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2020-08-12T00:00:00.000Z",
              "ID": "CVE-2020-11637",
              "STATE": "PUBLIC",
              "TITLE": "Automation Runtime TFTP Service DoS Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Runtime",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1x"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.2x",
                                "version_value": "N4.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.3x",
                                "version_value": "N4.34"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.4x",
                                "version_value": "F4.45"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5x",
                                "version_value": "E4.53"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.6x",
                                "version_value": "D4.63"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.7x",
                                "version_value": "A4.73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-11637",
        "datePublished": "2020-10-15T15:08:14.438Z",
        "dateReserved": "2020-04-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:01.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19108 (GCVE-0-2019-19108)

    Vulnerability from nvd – Published: 2020-04-20 21:48 – Updated: 2024-08-05 02:09
    VLAI
    Title
    B&R Automation Runtime SNMP Authentication and Authorization Weakness
    Summary
    An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Automation Runtime Affected: 2 <= 2.96
    Affected: 3 <= 3.10
    Affected: 4 <= 4.72
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Runtime",
              "vendor": "B\u0026R",
              "versions": [
                {
                  "status": "affected",
                  "version": "2 \u003c= 2.96"
                },
                {
                  "status": "affected",
                  "version": "3 \u003c= 3.10"
                },
                {
                  "status": "affected",
                  "version": "4 \u003c= 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-27T20:21:55.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19108",
              "STATE": "PUBLIC",
              "TITLE": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Runtime",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2 \u003c= 2.96"
                              },
                              {
                                "version_value": "3 \u003c= 3.10"
                              },
                              {
                                "version_value": "4 \u003c= 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/",
                  "refsource": "CONFIRM",
                  "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19108",
        "datePublished": "2020-04-20T21:48:29.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11637 (GCVE-0-2020-11637)

    Vulnerability from cvelistv5 – Published: 2020-10-15 15:08 – Updated: 2024-09-16 16:33
    VLAI
    Title
    Automation Runtime TFTP Service DoS Vulnerability
    Summary
    A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
    CWE
    • CWE-401 - Improper Release of Memory Before Removing Last Reference
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Automation Runtime Affected: unspecified , ≤ 4.1x (custom)
    Affected: 4.2x , < N4.26 (custom)
    Affected: 4.3x , < N4.34 (custom)
    Affected: 4.4x , < F4.45 (custom)
    Affected: 4.5x , < E4.53 (custom)
    Affected: 4.6x , < D4.63 (custom)
    Affected: 4.7x , < A4.73 (custom)
    Create a notification for this product.
    Date Public
    2020-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:35:13.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Runtime",
              "vendor": "B\u0026R",
              "versions": [
                {
                  "lessThanOrEqual": "4.1x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "N4.26",
                  "status": "affected",
                  "version": "4.2x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "N4.34",
                  "status": "affected",
                  "version": "4.3x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "F4.45",
                  "status": "affected",
                  "version": "4.4x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "E4.53",
                  "status": "affected",
                  "version": "4.5x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "D4.63",
                  "status": "affected",
                  "version": "4.6x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "A4.73",
                  "status": "affected",
                  "version": "4.7x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-15T15:08:14.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Runtime TFTP Service DoS Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "DATE_PUBLIC": "2020-08-12T00:00:00.000Z",
              "ID": "CVE-2020-11637",
              "STATE": "PUBLIC",
              "TITLE": "Automation Runtime TFTP Service DoS Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Runtime",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.1x"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.2x",
                                "version_value": "N4.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.3x",
                                "version_value": "N4.34"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.4x",
                                "version_value": "F4.45"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.5x",
                                "version_value": "E4.53"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.6x",
                                "version_value": "D4.63"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "4.7x",
                                "version_value": "A4.73"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-11637",
        "datePublished": "2020-10-15T15:08:14.438Z",
        "dateReserved": "2020-04-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:01.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-19108 (GCVE-0-2019-19108)

    Vulnerability from cvelistv5 – Published: 2020-04-20 21:48 – Updated: 2024-08-05 02:09
    VLAI
    Title
    B&R Automation Runtime SNMP Authentication and Authorization Weakness
    Summary
    An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Automation Runtime Affected: 2 <= 2.96
    Affected: 3 <= 3.10
    Affected: 4 <= 4.72
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:09:39.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Runtime",
              "vendor": "B\u0026R",
              "versions": [
                {
                  "status": "affected",
                  "version": "2 \u003c= 2.96"
                },
                {
                  "status": "affected",
                  "version": "3 \u003c= 3.10"
                },
                {
                  "status": "affected",
                  "version": "4 \u003c= 4.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-27T20:21:55.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2019-19108",
              "STATE": "PUBLIC",
              "TITLE": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Runtime",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2 \u003c= 2.96"
                              },
                              {
                                "version_value": "3 \u003c= 3.10"
                              },
                              {
                                "version_value": "4 \u003c= 4.72"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-798 Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/",
                  "refsource": "CONFIRM",
                  "url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
                },
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2019-19108",
        "datePublished": "2020-04-20T21:48:29.000Z",
        "dateReserved": "2019-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:09:39.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }