Lucene search

ABBCVE-2021-22281

HistoryFeb 02, 2024 - 8:15 a.m.

CVE-2021-22281

2024-02-0208:15:46

CWE-23

CWE-22

ABB

web.nvd.nist.gov

cve-2021-22281

b&r industrial automation

automation studio

security vulnerability

access control

path traversal

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.0%

JSON

: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.

Affected configurations

Nvd

Node

br-automationautomation_studioRange4.0–4.12

VendorProductVersionCPE
br-automationautomation_studio*cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
br-automation	automation_studio	*	cpe:2.3:a:br-automation:automation_studio::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Automation Studio",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "4.12",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.0%

JSON

Related for CVE-2021-22281