Search criteria
11 vulnerabilities by B&R
CVE-2020-11637 (GCVE-0-2020-11637)
Vulnerability from cvelistv5 – Published: 2020-10-15 15:08 – Updated: 2024-09-16 16:33
VLAI?
Summary
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
Severity ?
5.8 (Medium)
CWE
- CWE-401 - Improper Release of Memory Before Removing Last Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Runtime |
Affected:
unspecified , ≤ 4.1x
(custom)
Affected: 4.2x , < N4.26 (custom) Affected: 4.3x , < N4.34 (custom) Affected: 4.4x , < F4.45 (custom) Affected: 4.5x , < E4.53 (custom) Affected: 4.6x , < D4.63 (custom) Affected: 4.7x , < A4.73 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Runtime",
"vendor": "B\u0026R",
"versions": [
{
"lessThanOrEqual": "4.1x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "N4.26",
"status": "affected",
"version": "4.2x",
"versionType": "custom"
},
{
"lessThan": "N4.34",
"status": "affected",
"version": "4.3x",
"versionType": "custom"
},
{
"lessThan": "F4.45",
"status": "affected",
"version": "4.4x",
"versionType": "custom"
},
{
"lessThan": "E4.53",
"status": "affected",
"version": "4.5x",
"versionType": "custom"
},
{
"lessThan": "D4.63",
"status": "affected",
"version": "4.6x",
"versionType": "custom"
},
{
"lessThan": "A4.73",
"status": "affected",
"version": "4.7x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-15T15:08:14",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Automation Runtime TFTP Service DoS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-08-12T00:00:00.000Z",
"ID": "CVE-2020-11637",
"STATE": "PUBLIC",
"TITLE": "Automation Runtime TFTP Service DoS Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Runtime",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.1x"
},
{
"version_affected": "\u003c",
"version_name": "4.2x",
"version_value": "N4.26"
},
{
"version_affected": "\u003c",
"version_name": "4.3x",
"version_value": "N4.34"
},
{
"version_affected": "\u003c",
"version_name": "4.4x",
"version_value": "F4.45"
},
{
"version_affected": "\u003c",
"version_name": "4.5x",
"version_value": "E4.53"
},
{
"version_affected": "\u003c",
"version_name": "4.6x",
"version_value": "D4.63"
},
{
"version_affected": "\u003c",
"version_name": "4.7x",
"version_value": "A4.73"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in the TFTP service in B\u0026R Automation Runtime versions \u003cN4.26, \u003cN4.34, \u003cF4.45, \u003cE4.53, \u003cD4.63, \u003cA4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11637",
"datePublished": "2020-10-15T15:08:14.438915Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-16T16:33:01.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11646 (GCVE-0-2020-11646)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:59 – Updated: 2024-09-17 04:20
VLAI?
Summary
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
Severity ?
4.3 (Medium)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | GateManager |
Affected:
4260 , < 9.0.20262
(custom)
Affected: 9250 , < 9.0.20262 (custom) Affected: 8250 , < 9.2.620236042 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "4260",
"versionType": "custom"
},
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "9250",
"versionType": "custom"
},
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "8250",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A log information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view log information reserved for other users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:35:03",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GateManager Log Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11646",
"STATE": "PUBLIC",
"TITLE": "GateManager Log Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A log information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view log information reserved for other users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11646",
"datePublished": "2020-10-15T14:59:26.606024Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-17T04:20:30.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11645 (GCVE-0-2020-11645)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:59 – Updated: 2024-09-17 01:31
VLAI?
Summary
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | GateManager |
Affected:
4260 , < 9.0.20262
(custom)
Affected: 9250 , < 9.0.20262 (custom) Affected: 8250 , < 9.2.620236042 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "4260",
"versionType": "custom"
},
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "9250",
"versionType": "custom"
},
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "8250",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to limit availability of GateManager instances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:34:56",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GateManager Denial of Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11645",
"STATE": "PUBLIC",
"TITLE": "GateManager Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to limit availability of GateManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11645",
"datePublished": "2020-10-15T14:59:08.500788Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-17T01:31:40.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11642 (GCVE-0-2020-11642)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:58 – Updated: 2024-09-17 01:11
VLAI?
Summary
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
Severity ?
7.7 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | SiteManager |
Affected:
unspecified , < 9.2.620236042
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiteManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The local file inclusion vulnerability present in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to impact availability of SiteManager instances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:33:36",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SiteManager Denial of Service via Local File Inclusion Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11642",
"STATE": "PUBLIC",
"TITLE": "SiteManager Denial of Service via Local File Inclusion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The local file inclusion vulnerability present in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to impact availability of SiteManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11642",
"datePublished": "2020-10-15T14:58:48.634942Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-17T01:11:16.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11641 (GCVE-0-2020-11641)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:58 – Updated: 2024-09-17 04:28
VLAI?
Summary
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
Severity ?
7.7 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | SiteManager |
Affected:
unspecified , < 9.2.620236042
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiteManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local file inclusion vulnerability in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:33:25",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SiteManager Local File Inclusion Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11641",
"STATE": "PUBLIC",
"TITLE": "SiteManager Local File Inclusion Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local file inclusion vulnerability in B\u0026R SiteManager versions \u003c9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11641",
"datePublished": "2020-10-15T14:58:27.058521Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-17T04:28:49.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11644 (GCVE-0-2020-11644)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:57 – Updated: 2024-09-16 19:31
VLAI?
Summary
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages.
Severity ?
6.5 (Medium)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | GateManager |
Affected:
4260 , < 9.0.20262
(custom)
Affected: 9250 , < 9.0.20262 (custom) Affected: 8250 , < 9.2.620236042 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "4260",
"versionType": "custom"
},
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "9250",
"versionType": "custom"
},
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "8250",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The information disclosure vulnerability present in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to generate fake audit log messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:34:49",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GateManager Audit Message Spoofing Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11644",
"STATE": "PUBLIC",
"TITLE": "GateManager Audit Message Spoofing Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The information disclosure vulnerability present in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to generate fake audit log messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117 Improper Output Neutralization for Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11644",
"datePublished": "2020-10-15T14:57:58.788754Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-16T19:31:37.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11643 (GCVE-0-2020-11643)
Vulnerability from cvelistv5 – Published: 2020-10-15 14:57 – Updated: 2024-09-17 02:41
VLAI?
Summary
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Information Exposure Through Log Files
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | GateManager |
Affected:
4260 , < 9.0.20262
(custom)
Affected: 9250 , < 9.0.20262 (custom) Affected: 8250 , < 9.2.620236042 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "B\u0026R",
"versions": [
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "4260",
"versionType": "custom"
},
{
"lessThan": "9.0.20262",
"status": "affected",
"version": "9250",
"versionType": "custom"
},
{
"lessThan": "9.2.620236042",
"status": "affected",
"version": "8250",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-17T01:34:39",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GateManager Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"DATE_PUBLIC": "2020-09-29T00:00:00.000Z",
"ID": "CVE-2020-11643",
"STATE": "PUBLIC",
"TITLE": "GateManager Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4260",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "9250",
"version_value": "9.0.20262"
},
{
"version_affected": "\u003c",
"version_name": "8250",
"version_value": "9.2.620236042"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in B\u0026R GateManager 4260 and 9250 versions \u003c9.0.20262 and GateManager 8250 versions \u003c9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf",
"refsource": "MISC",
"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1600003183751-de-original-1.0.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-273-03"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2020-11643",
"datePublished": "2020-10-15T14:57:22.323453Z",
"dateReserved": "2020-04-08T00:00:00",
"dateUpdated": "2024-09-17T02:41:20.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19100 (GCVE-0-2019-19100)
Vulnerability from cvelistv5 – Published: 2020-04-29 02:09 – Updated: 2024-08-05 02:09
VLAI?
Summary
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
Severity ?
7.5 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Studio |
Affected:
4.0.x
Affected: 4.1.x Affected: 4.2.x Affected: < 4.3.11SP Affected: < 4.4.9SP Affected: < 4.5.4SP Affected: < 4.6.3SP Affected: < 4.7.2 Affected: < 4.8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Studio",
"vendor": "B\u0026R",
"versions": [
{
"status": "affected",
"version": "4.0.x"
},
{
"status": "affected",
"version": "4.1.x"
},
{
"status": "affected",
"version": "4.2.x"
},
{
"status": "affected",
"version": "\u003c 4.3.11SP"
},
{
"status": "affected",
"version": "\u003c 4.4.9SP"
},
{
"status": "affected",
"version": "\u003c 4.5.4SP"
},
{
"status": "affected",
"version": "\u003c 4.6.3SP"
},
{
"status": "affected",
"version": "\u003c 4.7.2"
},
{
"status": "affected",
"version": "\u003c 4.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T02:09:21",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation via B\u0026R Automation Studio upgrade service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19100",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation via B\u0026R Automation Studio upgrade service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Studio",
"version": {
"version_data": [
{
"version_value": "4.0.x"
},
{
"version_value": "4.1.x"
},
{
"version_value": "4.2.x"
},
{
"version_value": "\u003c 4.3.11SP"
},
{
"version_value": "\u003c 4.4.9SP"
},
{
"version_value": "\u003c 4.5.4SP"
},
{
"version_value": "\u003c 4.6.3SP"
},
{
"version_value": "\u003c 4.7.2"
},
{
"version_value": "\u003c 4.8.1"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/",
"refsource": "CONFIRM",
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19100",
"datePublished": "2020-04-29T02:09:21",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19102 (GCVE-0-2019-19102)
Vulnerability from cvelistv5 – Published: 2020-04-29 02:07 – Updated: 2024-08-05 02:09
VLAI?
Summary
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
Severity ?
5.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Studio |
Affected:
4.0.x
Affected: 4.1.x Affected: 4.2.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Studio",
"vendor": "B\u0026R",
"versions": [
{
"status": "affected",
"version": "4.0.x"
},
{
"status": "affected",
"version": "4.1.x"
},
{
"status": "affected",
"version": "4.2.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in SharpZipLib used in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T02:07:47",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zip Slip vulnerability in 3rd-Party library in B\u0026R Automation Studio upgrade service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19102",
"STATE": "PUBLIC",
"TITLE": "Zip Slip vulnerability in 3rd-Party library in B\u0026R Automation Studio upgrade service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Studio",
"version": {
"version_data": [
{
"version_value": "4.0.x"
},
{
"version_value": "4.1.x"
},
{
"version_value": "4.2.x"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal vulnerability in SharpZipLib used in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/",
"refsource": "CONFIRM",
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19102",
"datePublished": "2020-04-29T02:07:47",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19101 (GCVE-0-2019-19101)
Vulnerability from cvelistv5 – Published: 2020-04-29 02:07 – Updated: 2024-08-05 02:09
VLAI?
Summary
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Severity ?
6.5 (Medium)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Studio |
Affected:
4.0.x
Affected: 4.1.x Affected: 4.2.x Affected: < 4.3.11SP Affected: < 4.4.9SP Affected: < 4.5.5SP Affected: < 4.6.3SP Affected: < 4.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Studio",
"vendor": "B\u0026R",
"versions": [
{
"status": "affected",
"version": "4.0.x"
},
{
"status": "affected",
"version": "4.1.x"
},
{
"status": "affected",
"version": "4.2.x"
},
{
"status": "affected",
"version": "\u003c 4.3.11SP"
},
{
"status": "affected",
"version": "\u003c 4.4.9SP"
},
{
"status": "affected",
"version": "\u003c 4.5.5SP"
},
{
"status": "affected",
"version": "\u003c 4.6.3SP"
},
{
"status": "affected",
"version": "\u003c 4.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing secure communication definition and an incomplete TLS validation in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.5SP, \u003c 4.6.4 and \u003c 4.7.2 enable unauthenticated users to perform MITM attacks via the B\u0026R upgrade server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T02:07:31",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete communication encryption and validation in B\u0026R Automation Studio upgrade service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19101",
"STATE": "PUBLIC",
"TITLE": "Incomplete communication encryption and validation in B\u0026R Automation Studio upgrade service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Studio",
"version": {
"version_data": [
{
"version_value": "4.0.x"
},
{
"version_value": "4.1.x"
},
{
"version_value": "4.2.x"
},
{
"version_value": "\u003c 4.3.11SP"
},
{
"version_value": "\u003c 4.4.9SP"
},
{
"version_value": "\u003c 4.5.5SP"
},
{
"version_value": "\u003c 4.6.3SP"
},
{
"version_value": "\u003c 4.7.2"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing secure communication definition and an incomplete TLS validation in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.5SP, \u003c 4.6.4 and \u003c 4.7.2 enable unauthenticated users to perform MITM attacks via the B\u0026R upgrade server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326 Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/",
"refsource": "CONFIRM",
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19101",
"datePublished": "2020-04-29T02:07:32",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19108 (GCVE-0-2019-19108)
Vulnerability from cvelistv5 – Published: 2020-04-20 21:48 – Updated: 2024-08-05 02:09
VLAI?
Summary
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
Severity ?
9.4 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Runtime |
Affected:
2 <= 2.96
Affected: 3 <= 3.10 Affected: 4 <= 4.72 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Runtime",
"vendor": "B\u0026R",
"versions": [
{
"status": "affected",
"version": "2 \u003c= 2.96"
},
{
"status": "affected",
"version": "3 \u003c= 3.10"
},
{
"status": "affected",
"version": "4 \u003c= 4.72"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T20:21:55",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19108",
"STATE": "PUBLIC",
"TITLE": "B\u0026R Automation Runtime SNMP Authentication and Authorization Weakness"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Runtime",
"version": {
"version_data": [
{
"version_value": "2 \u003c= 2.96"
},
{
"version_value": "3 \u003c= 3.10"
},
{
"version_value": "4 \u003c= 4.72"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication weakness in the SNMP service in B\u0026R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B\u0026R products via SNMP."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/",
"refsource": "CONFIRM",
"url": "https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19108",
"datePublished": "2020-04-20T21:48:29",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}