Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for Automation Studio by B&R Industrial Automation

    CVE-2021-22280 (GCVE-0-2021-22280)

    Vulnerability from nvd – Published: 2024-05-14 19:36 – Updated: 2024-08-03 18:37
    VLAI
    Title
    DLL Hijacking Vulnerability in Automation Studio
    Summary
    Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • DLL Hijacking Vulnerability in Automation Studio
    • CWE-20 - Improper Input Validation
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 0 , < 4.12 (custom)
    Create a notification for this product.
    br-automation automation_studio Affected: 4.0 , < 4.12 (custom)
        cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_studio",
                "vendor": "br-automation",
                "versions": [
                  {
                    "lessThan": "4.12",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T16:04:24.321651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T15:53:35.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "4.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper DLL loading algorithms in B\u0026amp;R Automation Studio versions \u0026gt;=4.0 and \u0026lt;4.12 may allow an authenticated local attacker to execute code in the context of the product.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper DLL loading algorithms in B\u0026R Automation Studio versions \u003e=4.0 and \u003c4.12 may allow an authenticated local attacker to execute code in the context of the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijacking Vulnerability in Automation Studio",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-27T07:33:47.854Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DLL Hijacking Vulnerability in Automation Studio",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22280",
        "datePublished": "2024-05-14T19:36:51.930Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2024-08-03T18:37:18.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0220 (GCVE-0-2024-0220)

    Vulnerability from nvd – Published: 2024-02-22 10:15 – Updated: 2024-09-19 17:24
    VLAI
    Title
    B&R products use insufficient communication encryption
    Summary
    B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation
    • CWE-319 - Cleartext Transmission of Sensitive Information
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , < 4.6 (patch)
    Create a notification for this product.
    B&R Industrial Automation Technology Guarding Affected: 1.0.0 , < 1.4.0 (patch)
    Create a notification for this product.
    br-automation automation_studio Affected: 4.0 , < 4.6 (custom)
        cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-22 10:10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_studio",
                "vendor": "br-automation",
                "versions": [
                  {
                    "lessThan": "4.6",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T16:23:26.378691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:52:09.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Upgrade Service"
              ],
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Technology Guarding",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2024-02-22T10:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "B\u0026amp;R Automation Studio Upgrade Service and B\u0026amp;R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.\n\n\u003cbr\u003e"
                }
              ],
              "value": "B\u0026R Automation Studio Upgrade Service and B\u0026R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1240",
                  "description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T17:24:51.723Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf"
            }
          ],
          "source": {
            "advisory": "2023-P019",
            "discovery": "INTERNAL"
          },
          "title": "B\u0026R products use insufficient communication encryption",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2024-0220",
        "datePublished": "2024-02-22T10:15:44.750Z",
        "dateReserved": "2024-01-03T15:46:41.224Z",
        "dateUpdated": "2024-09-19T17:24:51.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22281 (GCVE-0-2021-22281)

    Vulnerability from nvd – Published: 2024-02-02 07:24 – Updated: 2024-08-21 17:32
    VLAI
    Title
    Zip Slip Vulnerability in B&R Automation Studio Project Import
    Summary
    : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.12 (custom)
    Create a notification for this product.
    Date Public
    2021-10-28 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:56:31.407839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T17:32:38.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.12",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-10-28T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": ": Relative Path Traversal vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Relative Path Traversal.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.12.\u003c/p\u003e"
                }
              ],
              "value": ": Relative Path Traversal vulnerability in B\u0026R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:25:16.360Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zip Slip Vulnerability in B\u0026R Automation Studio Project Import",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R recommends the following specific workarounds and mitigations:\nOpen only B\u0026amp;R Automation Studio project files from trusted source.\nUse encrypted export of B\u0026amp;R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B\u0026amp;R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026amp;R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B\u0026amp;R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B\u0026amp;R recommends implementing the Cyber Security guidelines\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R recommends the following specific workarounds and mitigations:\nOpen only B\u0026R Automation Studio project files from trusted source.\nUse encrypted export of B\u0026R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B\u0026R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B\u0026R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B\u0026R recommends implementing the Cyber Security guidelines\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22281",
        "datePublished": "2024-02-02T07:24:29.599Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2024-08-21T17:32:38.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24682 (GCVE-0-2020-24682)

    Vulnerability from nvd – Published: 2024-02-02 07:11 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Automation Studio and PVI Multiple unquoted service path vulnerabilities
    Summary
    Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.6 (custom)
    Affected: 4.7.0 , < 4.7.7 SP (custom)
    Affected: 4.8.0 , < 4.8.6 SP (custom)
    Affected: 4.9.0 , < 4.9.4 SP (custom)
    Create a notification for this product.
    B&R Industrial Automation NET/PVI Affected: 4.0 , ≤ 4.6 (custom)
    Affected: 4.7.0 , < 4.7.7 (custom)
    Affected: 4.8.0 , < 4.8.6 (custom)
    Affected: 4.9.0 , < 4.9.4 (custom)
    Create a notification for this product.
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-02T14:19:51.368303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:22.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7 SP",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6 SP",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4 SP",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NET/PVI",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unquoted Search Path or Element vulnerability in B\u0026amp;R Industrial Automation Automation Studio, B\u0026amp;R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\u003c/p\u003e"
                }
              ],
              "value": "Unquoted Search Path or Element vulnerability in B\u0026R Industrial Automation Automation Studio, B\u0026R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:30:17.773Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Studio and PVI Multiple unquoted service path vulnerabilities",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nB\u0026amp;R has identified the following specific workarounds and mitigations.\nUsers of B\u0026amp;R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026amp;R Automation Studio and PVI \nto authorized users\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\nB\u0026R has identified the following specific workarounds and mitigations.\nUsers of B\u0026R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026R Automation Studio and PVI \nto authorized users\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-24682",
        "datePublished": "2024-02-02T07:11:44.086Z",
        "dateReserved": "2020-08-26T00:00:00.000Z",
        "dateUpdated": "2025-06-17T21:29:22.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22282 (GCVE-0-2021-22282)

    Vulnerability from nvd – Published: 2024-02-02 06:38 – Updated: 2025-06-17 21:29
    VLAI
    Title
    RCE in B&R Automation Studio with crafted project files
    Summary
    Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.12 (custom)
    Create a notification for this product.
    Date Public
    2021-10-28 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T21:13:25.788287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:23.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.12",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-10-28T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Local Execution of Code.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.12.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in B\u0026R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:25:49.556Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE in B\u0026R Automation Studio with crafted project files",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R recommends the following specific workarounds and mitigations:\nOpen only B\u0026amp;R Automation Studio project files from trusted source.\nProtect locations where B\u0026amp;R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026amp;R Automation Studio in elevated mode.\nVerify integrity of B\u0026amp;R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B\u0026amp;R recommends implementing the Cyber Security guidelines.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R recommends the following specific workarounds and mitigations:\nOpen only B\u0026R Automation Studio project files from trusted source.\nProtect locations where B\u0026R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026R Automation Studio in elevated mode.\nVerify integrity of B\u0026R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B\u0026R recommends implementing the Cyber Security guidelines.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22282",
        "datePublished": "2024-02-02T06:38:32.358Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2025-06-17T21:29:23.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24681 (GCVE-0-2020-24681)

    Vulnerability from nvd – Published: 2024-02-02 06:58 – Updated: 2025-05-09 17:52
    VLAI
    Title
    Automation Studio and PVI Multiple incorrect permission assignments for services
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.6.0 , ≤ 4.6.x (custom)
    Affected: 4.7.0 , < 4.7.7 SP (custom)
    Affected: 4.8.0 , < 4.8.6 SP (custom)
    Affected: 4.9.0 , < 4.9.4 SP (custom)
    Create a notification for this product.
    B&R Industrial Automation NET/PVI Affected: 4.6.0 , ≤ 4.6.x (custom)
    Affected: 4.7.0 , < 4.7.7 (custom)
    Affected: 4.8.0 , < 4.8.6 (custom)
    Affected: 4.9.0 , < 4.9.4 (custom)
    Create a notification for this product.
    Date Public
    2021-11-29 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-02T17:22:16.797450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T17:52:17.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.x",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7 SP",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6 SP",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4 SP",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NET/PVI",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.x",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-11-29T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Privilege Escalation.\u003cp\u003eThis issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in B\u0026R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T06:58:24.173Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Studio and PVI Multiple incorrect permission assignments for services",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R has identified the following specific workarounds and mitigations.\nUsers of B\u0026amp;R Automation Studio and PVI may manually reconfigure permission settings on these \nservices to allow modification only for privileged users.\nAdditionally, it is recommended to limit access to the workstation running B\u0026amp;R Automation Studio and PVI \nto authorized users.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R has identified the following specific workarounds and mitigations.\nUsers of B\u0026R Automation Studio and PVI may manually reconfigure permission settings on these \nservices to allow modification only for privileged users.\nAdditionally, it is recommended to limit access to the workstation running B\u0026R Automation Studio and PVI \nto authorized users.\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-24681",
        "datePublished": "2024-02-02T06:58:24.173Z",
        "dateReserved": "2020-08-26T00:00:00.000Z",
        "dateUpdated": "2025-05-09T17:52:17.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22289 (GCVE-0-2021-22289)

    Vulnerability from nvd – Published: 2022-08-11 14:56 – Updated: 2024-08-03 18:37
    VLAI
    Title
    RCE through Project Upload from Target
    Summary
    Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4 , < unspecified (custom)
    Create a notification for this product.
    Credits
    Mr. Mashav Sapir of Claroty
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mr. Mashav Sapir of Claroty"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the project upload mechanism in B\u0026R Automation Studio version \u003e=4.0 may allow an unauthenticated network attacker to execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-11T14:56:01.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE through Project Upload from Target",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2021-22289",
              "STATE": "PUBLIC",
              "TITLE": "RCE through Project Upload from Target"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Studio",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R Industrial Automation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mr. Mashav Sapir of Claroty"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the project upload mechanism in B\u0026R Automation Studio version \u003e=4.0 may allow an unauthenticated network attacker to execute code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22289",
        "datePublished": "2022-08-11T14:56:02.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:37:18.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22280 (GCVE-0-2021-22280)

    Vulnerability from cvelistv5 – Published: 2024-05-14 19:36 – Updated: 2024-08-03 18:37
    VLAI
    Title
    DLL Hijacking Vulnerability in Automation Studio
    Summary
    Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • DLL Hijacking Vulnerability in Automation Studio
    • CWE-20 - Improper Input Validation
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 0 , < 4.12 (custom)
    Create a notification for this product.
    br-automation automation_studio Affected: 4.0 , < 4.12 (custom)
        cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_studio",
                "vendor": "br-automation",
                "versions": [
                  {
                    "lessThan": "4.12",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T16:04:24.321651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T15:53:35.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.537Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "4.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper DLL loading algorithms in B\u0026amp;R Automation Studio versions \u0026gt;=4.0 and \u0026lt;4.12 may allow an authenticated local attacker to execute code in the context of the product.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper DLL loading algorithms in B\u0026R Automation Studio versions \u003e=4.0 and \u003c4.12 may allow an authenticated local attacker to execute code in the context of the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "DLL Hijacking Vulnerability in Automation Studio",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-27T07:33:47.854Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DLL Hijacking Vulnerability in Automation Studio",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22280",
        "datePublished": "2024-05-14T19:36:51.930Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2024-08-03T18:37:18.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0220 (GCVE-0-2024-0220)

    Vulnerability from cvelistv5 – Published: 2024-02-22 10:15 – Updated: 2024-09-19 17:24
    VLAI
    Title
    B&R products use insufficient communication encryption
    Summary
    B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1240 - Use of a Cryptographic Primitive with a Risky Implementation
    • CWE-319 - Cleartext Transmission of Sensitive Information
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , < 4.6 (patch)
    Create a notification for this product.
    B&R Industrial Automation Technology Guarding Affected: 1.0.0 , < 1.4.0 (patch)
    Create a notification for this product.
    br-automation automation_studio Affected: 4.0 , < 4.6 (custom)
        cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-22 10:10
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:15.976Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "automation_studio",
                "vendor": "br-automation",
                "versions": [
                  {
                    "lessThan": "4.6",
                    "status": "affected",
                    "version": "4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0220",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-22T16:23:26.378691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T16:52:09.908Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Upgrade Service"
              ],
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "patch"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Technology Guarding",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "datePublic": "2024-02-22T10:10:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "B\u0026amp;R Automation Studio Upgrade Service and B\u0026amp;R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.\n\n\u003cbr\u003e"
                }
              ],
              "value": "B\u0026R Automation Studio Upgrade Service and B\u0026R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1240",
                  "description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T17:24:51.723Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf"
            }
          ],
          "source": {
            "advisory": "2023-P019",
            "discovery": "INTERNAL"
          },
          "title": "B\u0026R products use insufficient communication encryption",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2024-0220",
        "datePublished": "2024-02-22T10:15:44.750Z",
        "dateReserved": "2024-01-03T15:46:41.224Z",
        "dateUpdated": "2024-09-19T17:24:51.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22281 (GCVE-0-2021-22281)

    Vulnerability from cvelistv5 – Published: 2024-02-02 07:24 – Updated: 2024-08-21 17:32
    VLAI
    Title
    Zip Slip Vulnerability in B&R Automation Studio Project Import
    Summary
    : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.12 (custom)
    Create a notification for this product.
    Date Public
    2021-10-28 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.432Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T15:56:31.407839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T17:32:38.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.12",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-10-28T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": ": Relative Path Traversal vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Relative Path Traversal.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.12.\u003c/p\u003e"
                }
              ],
              "value": ": Relative Path Traversal vulnerability in B\u0026R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:25:16.360Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zip Slip Vulnerability in B\u0026R Automation Studio Project Import",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R recommends the following specific workarounds and mitigations:\nOpen only B\u0026amp;R Automation Studio project files from trusted source.\nUse encrypted export of B\u0026amp;R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B\u0026amp;R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026amp;R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B\u0026amp;R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B\u0026amp;R recommends implementing the Cyber Security guidelines\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R recommends the following specific workarounds and mitigations:\nOpen only B\u0026R Automation Studio project files from trusted source.\nUse encrypted export of B\u0026R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B\u0026R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B\u0026R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B\u0026R recommends implementing the Cyber Security guidelines\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22281",
        "datePublished": "2024-02-02T07:24:29.599Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2024-08-21T17:32:38.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24682 (GCVE-0-2020-24682)

    Vulnerability from cvelistv5 – Published: 2024-02-02 07:11 – Updated: 2025-06-17 21:29
    VLAI
    Title
    Automation Studio and PVI Multiple unquoted service path vulnerabilities
    Summary
    Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.6 (custom)
    Affected: 4.7.0 , < 4.7.7 SP (custom)
    Affected: 4.8.0 , < 4.8.6 SP (custom)
    Affected: 4.9.0 , < 4.9.4 SP (custom)
    Create a notification for this product.
    B&R Industrial Automation NET/PVI Affected: 4.0 , ≤ 4.6 (custom)
    Affected: 4.7.0 , < 4.7.7 (custom)
    Affected: 4.8.0 , < 4.8.6 (custom)
    Affected: 4.9.0 , < 4.9.4 (custom)
    Create a notification for this product.
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-02T14:19:51.368303Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:22.845Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7 SP",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6 SP",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4 SP",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NET/PVI",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unquoted Search Path or Element vulnerability in B\u0026amp;R Industrial Automation Automation Studio, B\u0026amp;R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\u003c/p\u003e"
                }
              ],
              "value": "Unquoted Search Path or Element vulnerability in B\u0026R Industrial Automation Automation Studio, B\u0026R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:30:17.773Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Studio and PVI Multiple unquoted service path vulnerabilities",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nB\u0026amp;R has identified the following specific workarounds and mitigations.\nUsers of B\u0026amp;R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026amp;R Automation Studio and PVI \nto authorized users\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\nB\u0026R has identified the following specific workarounds and mitigations.\nUsers of B\u0026R Automation Studio and PVI may manually reconfigure the service paths and enclose them \nin quotes.\nAdditionally, it is recommended to limit access to the workstation running B\u0026R Automation Studio and PVI \nto authorized users\n\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-24682",
        "datePublished": "2024-02-02T07:11:44.086Z",
        "dateReserved": "2020-08-26T00:00:00.000Z",
        "dateUpdated": "2025-06-17T21:29:22.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24681 (GCVE-0-2020-24681)

    Vulnerability from cvelistv5 – Published: 2024-02-02 06:58 – Updated: 2025-05-09 17:52
    VLAI
    Title
    Automation Studio and PVI Multiple incorrect permission assignments for services
    Summary
    Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.6.0 , ≤ 4.6.x (custom)
    Affected: 4.7.0 , < 4.7.7 SP (custom)
    Affected: 4.8.0 , < 4.8.6 SP (custom)
    Affected: 4.9.0 , < 4.9.4 SP (custom)
    Create a notification for this product.
    B&R Industrial Automation NET/PVI Affected: 4.6.0 , ≤ 4.6.x (custom)
    Affected: 4.7.0 , < 4.7.7 (custom)
    Affected: 4.8.0 , < 4.8.6 (custom)
    Affected: 4.9.0 , < 4.9.4 (custom)
    Create a notification for this product.
    Date Public
    2021-11-29 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-24681",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-02T17:22:16.797450Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-09T17:52:17.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.x",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7 SP",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6 SP",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4 SP",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "NET/PVI",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.x",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.7",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.6",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.9.4",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-11-29T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Permission Assignment for Critical Resource vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Privilege Escalation.\u003cp\u003eThis issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Permission Assignment for Critical Resource vulnerability in B\u0026R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T06:58:24.173Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Automation Studio and PVI Multiple incorrect permission assignments for services",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R has identified the following specific workarounds and mitigations.\nUsers of B\u0026amp;R Automation Studio and PVI may manually reconfigure permission settings on these \nservices to allow modification only for privileged users.\nAdditionally, it is recommended to limit access to the workstation running B\u0026amp;R Automation Studio and PVI \nto authorized users.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R has identified the following specific workarounds and mitigations.\nUsers of B\u0026R Automation Studio and PVI may manually reconfigure permission settings on these \nservices to allow modification only for privileged users.\nAdditionally, it is recommended to limit access to the workstation running B\u0026R Automation Studio and PVI \nto authorized users.\n\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2020-24681",
        "datePublished": "2024-02-02T06:58:24.173Z",
        "dateReserved": "2020-08-26T00:00:00.000Z",
        "dateUpdated": "2025-05-09T17:52:17.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22282 (GCVE-0-2021-22282)

    Vulnerability from cvelistv5 – Published: 2024-02-02 06:38 – Updated: 2025-06-17 21:29
    VLAI
    Title
    RCE in B&R Automation Studio with crafted project files
    Summary
    Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    ABB
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4.0 , ≤ 4.12 (custom)
    Create a notification for this product.
    Date Public
    2021-10-28 18:30
    Credits
    B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.516Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T21:13:25.788287Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:29:23.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThanOrEqual": "4.12",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "B\u0026R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"
            }
          ],
          "datePublic": "2021-10-28T18:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in B\u0026amp;R Industrial Automation Automation Studio allows Local Execution of Code.\u003cp\u003eThis issue affects Automation Studio: from 4.0 through 4.12.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in B\u0026R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-549",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-549 Local Execution of Code"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T11:25:49.556Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE in B\u0026R Automation Studio with crafted project files",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nB\u0026amp;R recommends the following specific workarounds and mitigations:\nOpen only B\u0026amp;R Automation Studio project files from trusted source.\nProtect locations where B\u0026amp;R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026amp;R Automation Studio in elevated mode.\nVerify integrity of B\u0026amp;R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B\u0026amp;R recommends implementing the Cyber Security guidelines.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nB\u0026R recommends the following specific workarounds and mitigations:\nOpen only B\u0026R Automation Studio project files from trusted source.\nProtect locations where B\u0026R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B\u0026R Automation Studio in elevated mode.\nVerify integrity of B\u0026R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B\u0026R recommends implementing the Cyber Security guidelines.\n\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22282",
        "datePublished": "2024-02-02T06:38:32.358Z",
        "dateReserved": "2021-01-05T17:31:49.080Z",
        "dateUpdated": "2025-06-17T21:29:23.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22289 (GCVE-0-2021-22289)

    Vulnerability from cvelistv5 – Published: 2022-08-11 14:56 – Updated: 2024-08-03 18:37
    VLAI
    Title
    RCE through Project Upload from Target
    Summary
    Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ABB
    References
    Impacted products
    Vendor Product Version
    B&R Industrial Automation Automation Studio Affected: 4 , < unspecified (custom)
    Create a notification for this product.
    Credits
    Mr. Mashav Sapir of Claroty
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:37:18.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Studio",
              "vendor": "B\u0026R Industrial Automation",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mr. Mashav Sapir of Claroty"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation vulnerability in the project upload mechanism in B\u0026R Automation Studio version \u003e=4.0 may allow an unauthenticated network attacker to execute code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-11T14:56:01.000Z",
            "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
            "shortName": "ABB"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE through Project Upload from Target",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@ch.abb.com",
              "ID": "CVE-2021-22289",
              "STATE": "PUBLIC",
              "TITLE": "RCE through Project Upload from Target"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Studio",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "B\u0026R Industrial Automation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mr. Mashav Sapir of Claroty"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation vulnerability in the project upload mechanism in B\u0026R Automation Studio version \u003e=4.0 may allow an unauthenticated network attacker to execute code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf",
                  "refsource": "MISC",
                  "url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "assignerShortName": "ABB",
        "cveId": "CVE-2021-22289",
        "datePublished": "2022-08-11T14:56:02.000Z",
        "dateReserved": "2021-01-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T18:37:18.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }