Improper Authorization in B&R Industrial Automation Automation Studio and Automation Runtime

1) Improper Authorization

EUVDB-ID: #VU25500

Risk: High

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-19108

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to a weakness in SNMP service. A remote attacker can modify the configuration of affected devices via the service.

The following versions of B&R products are affected:

• Automation Studio Versions 2.7, 3.0.71, 3.0.80, 3.0.81, 3.0.90, 4.0.x to 4.6.4, and 4.7.2
• Automation Runtime Versions 2.96, 3.00, 3.01, 3.06, 3.07, 3.08 to 3.10, 4.00 to 4.03, 4.04 to 4.03, 4.04 to 4.63, 4.72 and above.

Mitigation

Vendor recommends to update to the following versions.

• AS 4.6.5 (Planned release date: 2020-03-27) and higher
• AS 4.7.3 (Planned release date: 2020-04-10) and higher
• AS 4.8.2 (Planned release date: 2020-06-11) and higher

Vulnerable software versions

Automation Studio: All versions

Automation Runtime: All versions

CPE2.3

• cpe:2.3:a:b_and_r_industrial_automation_gmbh:automation_studio:*:*:*:*:*:*:*:*
• cpe:2.3:a:b_and_r_industrial_automation_gmbh:automation_runtime:*:*:*:*:*:*:*:*

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-051-01
https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.