Vulnerability Details CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2019-19101
-
cpe:2.3:a:br-automation:automation_studio:4.0
-
cpe:2.3:a:br-automation:automation_studio:4.0.0
-
cpe:2.3:a:br-automation:automation_studio:4.0.14.208
-
cpe:2.3:a:br-automation:automation_studio:4.0.15.165
-
cpe:2.3:a:br-automation:automation_studio:4.0.16.81
-
cpe:2.3:a:br-automation:automation_studio:4.0.17.85
-
cpe:2.3:a:br-automation:automation_studio:4.0.18.71
-
cpe:2.3:a:br-automation:automation_studio:4.0.19.69
-
cpe:2.3:a:br-automation:automation_studio:4.0.20.56
-
cpe:2.3:a:br-automation:automation_studio:4.0.21.35
-
cpe:2.3:a:br-automation:automation_studio:4.0.22.47
-
cpe:2.3:a:br-automation:automation_studio:4.0.23.58
-
cpe:2.3:a:br-automation:automation_studio:4.0.24.45
-
cpe:2.3:a:br-automation:automation_studio:4.0.25.156
-
cpe:2.3:a:br-automation:automation_studio:4.0.26.103
-
cpe:2.3:a:br-automation:automation_studio:4.0.27.122
-
cpe:2.3:a:br-automation:automation_studio:4.0.28.24
-
cpe:2.3:a:br-automation:automation_studio:4.0.29.87
-
cpe:2.3:a:br-automation:automation_studio:4.1
-
cpe:2.3:a:br-automation:automation_studio:4.1.10.69
-
cpe:2.3:a:br-automation:automation_studio:4.1.11.118
-
cpe:2.3:a:br-automation:automation_studio:4.1.12.57
-
cpe:2.3:a:br-automation:automation_studio:4.1.13.84
-
cpe:2.3:a:br-automation:automation_studio:4.1.14.40
-
cpe:2.3:a:br-automation:automation_studio:4.1.15.54
-
cpe:2.3:a:br-automation:automation_studio:4.1.16.135
-
cpe:2.3:a:br-automation:automation_studio:4.1.17.113
-
cpe:2.3:a:br-automation:automation_studio:4.1.5.68
-
cpe:2.3:a:br-automation:automation_studio:4.1.6.81
-
cpe:2.3:a:br-automation:automation_studio:4.1.7.61
-
cpe:2.3:a:br-automation:automation_studio:4.1.8.44
-
cpe:2.3:a:br-automation:automation_studio:4.1.9.44
-
cpe:2.3:a:br-automation:automation_studio:4.2
-
cpe:2.3:a:br-automation:automation_studio:4.2.10.53
-
cpe:2.3:a:br-automation:automation_studio:4.2.11.97
-
cpe:2.3:a:br-automation:automation_studio:4.2.12.129
-
cpe:2.3:a:br-automation:automation_studio:4.2.13.102
-
cpe:2.3:a:br-automation:automation_studio:4.2.14.119
-
cpe:2.3:a:br-automation:automation_studio:4.2.6.110
-
cpe:2.3:a:br-automation:automation_studio:4.2.7.54
-
cpe:2.3:a:br-automation:automation_studio:4.2.8.54
-
cpe:2.3:a:br-automation:automation_studio:4.2.9.65
-
cpe:2.3:a:br-automation:automation_studio:4.3
-
cpe:2.3:a:br-automation:automation_studio:4.3.10.94
-
cpe:2.3:a:br-automation:automation_studio:4.3.3.196
-
cpe:2.3:a:br-automation:automation_studio:4.3.4.121
-
cpe:2.3:a:br-automation:automation_studio:4.3.5.113
-
cpe:2.3:a:br-automation:automation_studio:4.3.6.46
-
cpe:2.3:a:br-automation:automation_studio:4.3.6.57
-
cpe:2.3:a:br-automation:automation_studio:4.3.7.46
-
cpe:2.3:a:br-automation:automation_studio:4.3.8.58
-
cpe:2.3:a:br-automation:automation_studio:4.3.9.141
-
cpe:2.3:a:br-automation:automation_studio:4.4
-
cpe:2.3:a:br-automation:automation_studio:4.4.4.112
-
cpe:2.3:a:br-automation:automation_studio:4.4.5.61
-
cpe:2.3:a:br-automation:automation_studio:4.4.6.71
-
cpe:2.3:a:br-automation:automation_studio:4.4.7.144
-
cpe:2.3:a:br-automation:automation_studio:4.4.8.122
-
cpe:2.3:a:br-automation:automation_studio:4.5
-
cpe:2.3:a:br-automation:automation_studio:4.5.2.102
-
cpe:2.3:a:br-automation:automation_studio:4.5.3.86
-
cpe:2.3:a:br-automation:automation_studio:4.5.4.123
-
cpe:2.3:a:br-automation:automation_studio:4.6
-
cpe:2.3:a:br-automation:automation_studio:4.6.3.55
-
cpe:2.3:a:br-automation:automation_studio:4.7