Vulnerability Details CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 9.4
CVSS v2 Score 7.5
References
- https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/
- https://www.us-cert.gov/ics/advisories/icsa-20-051-01
- https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/
- https://www.us-cert.gov/ics/advisories/icsa-20-051-01
Products affected by CVE-2019-19108
-
cpe:2.3:a:br-automation:automation_runtime:2.96
-
cpe:2.3:a:br-automation:automation_runtime:3.00
-
cpe:2.3:a:br-automation:automation_runtime:3.01
-
cpe:2.3:a:br-automation:automation_runtime:3.06
-
cpe:2.3:a:br-automation:automation_runtime:3.07
-
cpe:2.3:a:br-automation:automation_runtime:3.08
-
cpe:2.3:a:br-automation:automation_runtime:3.10
-
cpe:2.3:a:br-automation:automation_runtime:4.00
-
cpe:2.3:a:br-automation:automation_runtime:4.03
-
cpe:2.3:a:br-automation:automation_runtime:4.04
-
cpe:2.3:a:br-automation:automation_runtime:4.10
-
cpe:2.3:a:br-automation:automation_runtime:4.20
-
cpe:2.3:a:br-automation:automation_runtime:4.30
-
cpe:2.3:a:br-automation:automation_runtime:4.40
-
cpe:2.3:a:br-automation:automation_runtime:4.50
-
cpe:2.3:a:br-automation:automation_runtime:4.60
-
cpe:2.3:a:br-automation:automation_runtime:4.63
-
cpe:2.3:a:br-automation:automation_runtime:4.72
-
cpe:2.3:a:br-automation:automation_studio:2.7
-
cpe:2.3:a:br-automation:automation_studio:3.0.71
-
cpe:2.3:a:br-automation:automation_studio:3.0.80
-
cpe:2.3:a:br-automation:automation_studio:3.0.81
-
cpe:2.3:a:br-automation:automation_studio:3.0.90
-
cpe:2.3:a:br-automation:automation_studio:4.0.0
-
cpe:2.3:a:br-automation:automation_studio:4.0.14.208
-
cpe:2.3:a:br-automation:automation_studio:4.0.15.165
-
cpe:2.3:a:br-automation:automation_studio:4.0.16.81
-
cpe:2.3:a:br-automation:automation_studio:4.0.17.85
-
cpe:2.3:a:br-automation:automation_studio:4.0.18.71
-
cpe:2.3:a:br-automation:automation_studio:4.0.19.69
-
cpe:2.3:a:br-automation:automation_studio:4.0.20.56
-
cpe:2.3:a:br-automation:automation_studio:4.0.21.35
-
cpe:2.3:a:br-automation:automation_studio:4.0.22.47
-
cpe:2.3:a:br-automation:automation_studio:4.0.23.58
-
cpe:2.3:a:br-automation:automation_studio:4.0.24.45
-
cpe:2.3:a:br-automation:automation_studio:4.0.25.156
-
cpe:2.3:a:br-automation:automation_studio:4.0.26.103
-
cpe:2.3:a:br-automation:automation_studio:4.0.27.122
-
cpe:2.3:a:br-automation:automation_studio:4.0.28.24
-
cpe:2.3:a:br-automation:automation_studio:4.0.29.87
-
cpe:2.3:a:br-automation:automation_studio:4.1
-
cpe:2.3:a:br-automation:automation_studio:4.1.10.69
-
cpe:2.3:a:br-automation:automation_studio:4.1.11.118
-
cpe:2.3:a:br-automation:automation_studio:4.1.12.57
-
cpe:2.3:a:br-automation:automation_studio:4.1.13.84
-
cpe:2.3:a:br-automation:automation_studio:4.1.14.40
-
cpe:2.3:a:br-automation:automation_studio:4.1.15.54
-
cpe:2.3:a:br-automation:automation_studio:4.1.16.135
-
cpe:2.3:a:br-automation:automation_studio:4.1.17.113
-
cpe:2.3:a:br-automation:automation_studio:4.1.5.68
-
cpe:2.3:a:br-automation:automation_studio:4.1.6.81
-
cpe:2.3:a:br-automation:automation_studio:4.1.7.61
-
cpe:2.3:a:br-automation:automation_studio:4.1.8.44
-
cpe:2.3:a:br-automation:automation_studio:4.1.9.44
-
cpe:2.3:a:br-automation:automation_studio:4.2
-
cpe:2.3:a:br-automation:automation_studio:4.2.10.53
-
cpe:2.3:a:br-automation:automation_studio:4.2.11.97
-
cpe:2.3:a:br-automation:automation_studio:4.2.12.129
-
cpe:2.3:a:br-automation:automation_studio:4.2.13.102
-
cpe:2.3:a:br-automation:automation_studio:4.2.14.119
-
cpe:2.3:a:br-automation:automation_studio:4.2.6.110
-
cpe:2.3:a:br-automation:automation_studio:4.2.7.54
-
cpe:2.3:a:br-automation:automation_studio:4.2.8.54
-
cpe:2.3:a:br-automation:automation_studio:4.2.9.65
-
cpe:2.3:a:br-automation:automation_studio:4.3
-
cpe:2.3:a:br-automation:automation_studio:4.3.10.94
-
cpe:2.3:a:br-automation:automation_studio:4.3.11.134
-
cpe:2.3:a:br-automation:automation_studio:4.3.3.196
-
cpe:2.3:a:br-automation:automation_studio:4.3.4.121
-
cpe:2.3:a:br-automation:automation_studio:4.3.5.113
-
cpe:2.3:a:br-automation:automation_studio:4.3.6.46
-
cpe:2.3:a:br-automation:automation_studio:4.3.6.57
-
cpe:2.3:a:br-automation:automation_studio:4.3.7.46
-
cpe:2.3:a:br-automation:automation_studio:4.3.8.58
-
cpe:2.3:a:br-automation:automation_studio:4.3.9.141
-
cpe:2.3:a:br-automation:automation_studio:4.4
-
cpe:2.3:a:br-automation:automation_studio:4.4.4.112
-
cpe:2.3:a:br-automation:automation_studio:4.4.5.61
-
cpe:2.3:a:br-automation:automation_studio:4.4.6.71
-
cpe:2.3:a:br-automation:automation_studio:4.4.7.144
-
cpe:2.3:a:br-automation:automation_studio:4.4.8.122
-
cpe:2.3:a:br-automation:automation_studio:4.5
-
cpe:2.3:a:br-automation:automation_studio:4.5.2.102
-
cpe:2.3:a:br-automation:automation_studio:4.5.3.86
-
cpe:2.3:a:br-automation:automation_studio:4.5.4.123
-
cpe:2.3:a:br-automation:automation_studio:4.5.5
-
cpe:2.3:a:br-automation:automation_studio:4.5.5.113
-
cpe:2.3:a:br-automation:automation_studio:4.6
-
cpe:2.3:a:br-automation:automation_studio:4.6.3.55
-
cpe:2.3:a:br-automation:automation_studio:4.6.4
-
cpe:2.3:a:br-automation:automation_studio:4.7.2