PT-2024-10789 · B&R Industrial Automation · Automation Studio
Published
2024-02-02
·
Updated
2024-02-10
·
CVE-2020-24681
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
B&R Industrial Automation Automation Studio versions 4.6.0 through 4.6.X
B&R Industrial Automation Automation Studio versions 4.7.0 through 4.7.6
B&R Industrial Automation Automation Studio versions 4.8.0 through 4.8.5
B&R Industrial Automation Automation Studio versions 4.9.0 through 4.9.3
Description
The issue is related to an Incorrect Permission Assignment for Critical Resource, allowing Privilege Escalation in B&R Industrial Automation Automation Studio.
Recommendations
For versions 4.6.0 through 4.6.X, update to a version after 4.6.X.
For versions 4.7.0 through 4.7.6, update to version 4.7.7 SP or later.
For versions 4.8.0 through 4.8.5, update to version 4.8.6 SP or later.
For versions 4.9.0 through 4.9.3, update to version 4.9.4 SP or later.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Automation Studio