Lucene search

ABBCVE-2021-22282

HistoryFeb 02, 2024 - 7:15 a.m.

CVE-2021-22282

2024-02-0207:15:08

CWE-94

ABB

web.nvd.nist.gov

b&r automation studio

cve-2021-22282

code execution

security vulnerability

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.

Affected configurations

Nvd

Node

br-automationautomation_studioRange4.0–4.12

VendorProductVersionCPE
br-automationautomation_studio*cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
br-automation	automation_studio	*	cpe:2.3:a:br-automation:automation_studio::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Automation Studio",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "4.12",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2021-22282