CVE-2019-19101

CWE-325: MISSING REQUIRED CRYPTOGRAPHIC STEP
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio enable unauthenticated users to perform MITM attacks via the B&R upgrade server.

Read more: Claroty Researchers Uncover Vulnerabilities in Industrial Automation Software

Risk Information

  • CVE ID: CVE-2019-19101
  • Vendor: B&R Automation
  • Product: Automation Studio
  • CVSS v3: 6.5