CVE-2019-19100 (GCVE-0-2019-19100)
Vulnerability from cvelistv5 – Published: 2020-04-29 02:09 – Updated: 2024-08-05 02:09
VLAI?
Summary
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
Severity ?
7.5 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| B&R | Automation Studio |
Affected:
4.0.x
Affected: 4.1.x Affected: 4.2.x Affected: < 4.3.11SP Affected: < 4.4.9SP Affected: < 4.5.4SP Affected: < 4.6.3SP Affected: < 4.7.2 Affected: < 4.8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:09:39.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Automation Studio",
"vendor": "B\u0026R",
"versions": [
{
"status": "affected",
"version": "4.0.x"
},
{
"status": "affected",
"version": "4.1.x"
},
{
"status": "affected",
"version": "4.2.x"
},
{
"status": "affected",
"version": "\u003c 4.3.11SP"
},
{
"status": "affected",
"version": "\u003c 4.4.9SP"
},
{
"status": "affected",
"version": "\u003c 4.5.4SP"
},
{
"status": "affected",
"version": "\u003c 4.6.3SP"
},
{
"status": "affected",
"version": "\u003c 4.7.2"
},
{
"status": "affected",
"version": "\u003c 4.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T02:09:21",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege escalation via B\u0026R Automation Studio upgrade service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@ch.abb.com",
"ID": "CVE-2019-19100",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation via B\u0026R Automation Studio upgrade service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation Studio",
"version": {
"version_data": [
{
"version_value": "4.0.x"
},
{
"version_value": "4.1.x"
},
{
"version_value": "4.2.x"
},
{
"version_value": "\u003c 4.3.11SP"
},
{
"version_value": "\u003c 4.4.9SP"
},
{
"version_value": "\u003c 4.5.4SP"
},
{
"version_value": "\u003c 4.6.3SP"
},
{
"version_value": "\u003c 4.7.2"
},
{
"version_value": "\u003c 4.8.1"
}
]
}
}
]
},
"vendor_name": "B\u0026R"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/",
"refsource": "CONFIRM",
"url": "https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2019-19100",
"datePublished": "2020-04-29T02:09:21",
"dateReserved": "2019-11-18T00:00:00",
"dateUpdated": "2024-08-05T02:09:39.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndIncluding\": \"4.0.29.87\", \"matchCriteriaId\": \"1C66F8E7-1E05-4F25-9B9E-7E580CBE2ABA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndIncluding\": \"4.1.17.113\", \"matchCriteriaId\": \"1B1DFEE8-D096-4181-A28A-8D9C0F494B6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2\", \"versionEndIncluding\": \"4.2.14.119\", \"matchCriteriaId\": \"7FF85042-3F53-4BC2-BD29-36D2EA243918\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3\", \"versionEndExcluding\": \"4.3.11\", \"matchCriteriaId\": \"7987D40F-C2E4-4649-821F-14B415D98A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4\", \"versionEndExcluding\": \"4.4.9\", \"matchCriteriaId\": \"0C18C4E6-1F62-46D6-93CD-12C53B0F9D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.5.4\", \"matchCriteriaId\": \"CF9329FD-EF8C-4E9B-A4D8-9F254BDF2743\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.6\", \"versionEndExcluding\": \"4.6.3\", \"matchCriteriaId\": \"3DA6549E-636B-4AC5-A5BB-83C5B5173AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.7\", \"versionEndExcluding\": \"4.7.2\", \"matchCriteriaId\": \"7046AEE9-A813-4407-8A69-F9FB140AD53C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:br-automation:automation_studio:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC5BFBFA-FE70-448B-A045-F31DB396DC83\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de escalada de privilegios en el servicio de actualizaci\\u00f3n en B\u0026amp;R Automation Studio versiones 4.0.x, 4.1.x, 4.2.x, versiones anteriores a 4.3.11SP, versiones anteriores a 4.4.9SP, versiones anteriores a 4.5.4SP, versiones anteriores a 4.6.3SP, versiones anteriores a 4.7.2 y versiones anteriores a 4.8.1, permite a usuarios autenticados eliminar archivos arbitrarios por medio de una interfaz expuesta.\"}]",
"id": "CVE-2019-19100",
"lastModified": "2024-11-21T04:34:11.863",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.1, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-04-29T03:15:16.503",
"references": "[{\"url\": \"https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/\", \"source\": \"cybersecurity@ch.abb.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cybersecurity@ch.abb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-19100\",\"sourceIdentifier\":\"cybersecurity@ch.abb.com\",\"published\":\"2020-04-29T03:15:16.503\",\"lastModified\":\"2024-11-21T04:34:11.863\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A privilege escalation vulnerability in the upgrade service in B\u0026R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, \u003c 4.3.11SP, \u003c 4.4.9SP, \u003c 4.5.4SP, \u003c. 4.6.3SP, \u003c 4.7.2 and \u003c 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de escalada de privilegios en el servicio de actualizaci\u00f3n en B\u0026amp;R Automation Studio versiones 4.0.x, 4.1.x, 4.2.x, versiones anteriores a 4.3.11SP, versiones anteriores a 4.4.9SP, versiones anteriores a 4.5.4SP, versiones anteriores a 4.6.3SP, versiones anteriores a 4.7.2 y versiones anteriores a 4.8.1, permite a usuarios autenticados eliminar archivos arbitrarios por medio de una interfaz expuesta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@ch.abb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndIncluding\":\"4.0.29.87\",\"matchCriteriaId\":\"1C66F8E7-1E05-4F25-9B9E-7E580CBE2ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndIncluding\":\"4.1.17.113\",\"matchCriteriaId\":\"1B1DFEE8-D096-4181-A28A-8D9C0F494B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndIncluding\":\"4.2.14.119\",\"matchCriteriaId\":\"7FF85042-3F53-4BC2-BD29-36D2EA243918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3\",\"versionEndExcluding\":\"4.3.11\",\"matchCriteriaId\":\"7987D40F-C2E4-4649-821F-14B415D98A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4\",\"versionEndExcluding\":\"4.4.9\",\"matchCriteriaId\":\"0C18C4E6-1F62-46D6-93CD-12C53B0F9D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.5.4\",\"matchCriteriaId\":\"CF9329FD-EF8C-4E9B-A4D8-9F254BDF2743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.6.3\",\"matchCriteriaId\":\"3DA6549E-636B-4AC5-A5BB-83C5B5173AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.7\",\"versionEndExcluding\":\"4.7.2\",\"matchCriteriaId\":\"7046AEE9-A813-4407-8A69-F9FB140AD53C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:br-automation:automation_studio:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC5BFBFA-FE70-448B-A045-F31DB396DC83\"}]}]}],\"references\":[{\"url\":\"https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/\",\"source\":\"cybersecurity@ch.abb.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…