Shodan
Vulnerabilities
Vulnerable Software
Br-Automation:  Security Vulnerabilities
CVE-2020-11645
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-10-15
CVE-2020-11646
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-10-15
CVE-2020-11641
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.
CVSS Score
7.7
EPSS Score
0.002
Published
2020-10-15
CVE-2020-11642
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
CVSS Score
7.7
EPSS Score
0.003
Published
2020-10-15
CVE-2020-11643
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-10-15
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-29
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-29
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
CVSS Score
5.5
EPSS Score
0.007
Published
2020-04-29
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
CVSS Score
9.4
EPSS Score
0.006
Published
2020-04-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved