CVE-2019-19101
CWE-325: MISSING REQUIRED CRYPTOGRAPHIC STEP
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Read more: Claroty Researchers Uncover Vulnerabilities in Industrail Automation Software
Risk Information
- CVE ID
- CVE-2019-19101
- Vendor
- B&R Automation
- Product
- Automation Studio
- CVSS v3
- 6.5