Automation Studio
Approved changes feed: RSS · Atom
cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Br Automation (9a6d54fa-e6bc-5bbc-b950-3afd1660c473) |
|---|---|
| Product | Automation Studio (61df6b23-654d-5c18-98f8-74fbc7f0fd84) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-0220 |
vulnerable | 2026-06-03 14:54:01.915774 |
B&R products use insufficient communication encryption
HIGH (8.3)
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
Published: 2024-02-22T10:15:44.750Z
Updated: 2024-09-19T17:24:51.723Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22282 |
vulnerable | 2026-06-03 14:43:52.453485 |
RCE in B&R Automation Studio with crafted project files
HIGH (8.3)
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.
Published: 2024-02-02T06:38:32.358Z
Updated: 2025-06-17T21:29:23.035Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22281 |
vulnerable | 2026-06-03 14:43:52.453039 |
Zip Slip Vulnerability in B&R Automation Studio Project Import
MEDIUM (6.3)
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.
Published: 2024-02-02T07:24:29.599Z
Updated: 2024-08-21T17:32:38.731Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22280 |
vulnerable | 2026-06-03 14:43:52.451921 |
DLL Hijacking Vulnerability in Automation Studio
HIGH (7.2)
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
Published: 2024-05-14T19:36:51.930Z
Updated: 2024-08-03T18:37:18.537Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24682 |
vulnerable | 2026-06-03 14:42:07.988405 |
Automation Studio and PVI Multiple unquoted service path vulnerabilities
HIGH (7.2)
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
Published: 2024-02-02T07:11:44.086Z
Updated: 2025-06-17T21:29:22.845Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24681 |
vulnerable | 2026-06-03 14:42:07.987738 |
Automation Studio and PVI Multiple incorrect permission assignments for services
HIGH (8.2)
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
Published: 2024-02-02T06:58:24.173Z
Updated: 2025-05-09T17:52:17.145Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19108 |
vulnerable | 2026-06-03 14:40:03.894353 |
B&R Automation Runtime SNMP Authentication and Authorization Weakness
CRITICAL (9.4)
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
Published: 2020-04-20T21:48:29.000Z
Updated: 2024-08-05T02:09:39.340Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19102 |
vulnerable | 2026-06-03 14:40:03.879102 |
Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service
MEDIUM (5.5)
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
Published: 2020-04-29T02:07:47.000Z
Updated: 2024-08-05T02:09:39.123Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19101 |
vulnerable | 2026-06-03 14:40:03.878725 |
Incomplete communication encryption and validation in B&R Automation Studio upgrade service
MEDIUM (6.5)
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.
Published: 2020-04-29T02:07:32.000Z
Updated: 2024-08-05T02:09:39.436Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-19100 |
vulnerable | 2026-06-03 14:40:03.877647 |
Privilege escalation via B&R Automation Studio upgrade service
HIGH (7.5)
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.
Published: 2020-04-29T02:09:21.000Z
Updated: 2024-08-05T02:09:39.275Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.