PT-2022-4238 · B&R · Automation Studio

Published

2022-08-11

Updated

2022-08-13

CVE-2021-22289

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions B&R Automation Studio version 4.0 and later

Description The issue is related to improper input validation in the project upload mechanism, which may allow an unauthenticated network attacker to execute code. This could potentially lead to remote code execution or denial of service.

Recommendations For B&R Automation Studio version 4.0 and later, update to a version that includes a fix for the improper input validation vulnerability in the project upload mechanism. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-05087

CVE-2021-22289

Affected Products

Automation Studio

PT-2022-4238 · B&R · Automation Studio

CVE-2021-22289

Weakness Enumeration

Related Identifiers

Affected Products

References · 7