CVE-2019-19869

Name of the Vulnerable Software and Affected Versions B&R Industrial Automation APROL versions prior to R4.2 V7.08

Description An issue was discovered that allows Process Variables (PVs) to be changed without encryption. This can be achieved by utilizing the IosHttp service and the JSON interface.

Recommendations For versions prior to R4.2 V7.08, update to version R4.2 V7.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the IosHttp service and the JSON interface to minimize the risk of exploitation.