PT-2020-10045 · B&R+1 · Automation Studio+1

Published 2020-04-29 · Updated 2020-05-08 · CVE-2019-19102

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

B&R Automation Studio versions 4.0.x through 4.2.x

Description

A directory traversal issue in SharpZipLib, used by the upgrade service, allows unauthenticated users to write to specific local directories. This issue is also referred to as zip slip.

Recommendations

For versions 4.0.x through 4.2.x, consider restricting access to the upgrade service until a patch is available. As a temporary workaround, limiting write permissions to sensitive local directories may help minimize the risk of exploitation.
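
Zip slip comes down to an archive entry name that resolves outside the extraction directory. The check below is an added example, not code from B&R, SharpZipLib or this advisory: it audits an archive before extraction, models Windows path resolution with Python's `ntpath`, and assumes a hypothetical extraction root `C:\upgrade\staging` and a constructed sample archive.

```python
import io
import ntpath
import zipfile

# Hypothetical extraction root (assumption; the advisory names no path).
DEST = r"C:\upgrade\staging"


def resolves_inside(dest: str, entry_name: str) -> bool:
    """True if entry_name, joined to dest as Windows would, stays under dest."""
    # Trailing separator so a sibling such as C:\upgrade\staging_old does not pass.
    root = ntpath.normpath(dest).lower().rstrip("\\") + "\\"
    # ntpath.join lets a rooted or drive-qualified name replace dest, as Windows
    # does; normpath then collapses ".." segments and converts "/" to "\".
    target = ntpath.normpath(ntpath.join(root, entry_name)).lower()
    return target.startswith(root)


def audit_archive(data: bytes, dest: str = DEST) -> list[str]:
    """Return the entry names that would be written outside dest."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [info.filename for info in zf.infolist()
                if not resolves_inside(dest, info.filename)]


def build_sample() -> bytes:
    """Constructed test archive: two ordinary entries, three escaping ones."""
    names = (
        "bin/update.exe",
        "docs/readme.txt",
        "../../outside.txt",      # climbs above the root
        "../staging_old/x.cfg",   # sibling directory sharing the root's prefix
        "D:/absolute.txt",        # drive-qualified name ignores the root
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_archive(build_sample()):
        print("rejected:", name)
```

An extractor should apply the same containment test to every entry and refuse the whole archive when any entry fails it.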

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-19102

Affected Products

Automation Studio
Sharpziplib