Lucene search
HistoryAug 11, 2022 - 3:15 p.m.
CVE-2021-22289
cve-2021-22289
improper input validation
b&r automation studio
code execution
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.9%
Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
Affected configurations
Node
br-automationstudioRange4.0≥
| CPE | Name | Operator | Version |
|---|---|---|---|
| br-automation:studio | br-automation studio | eq | * |
CNA Affected
[
{
"product": "Automation Studio",
"vendor": "B&R Industrial Automation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "4",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
ics
ics
B&R Industrial Automation Automation Studio 4
2022-08-16 12:00:00
cvelist
cvelist
CVE-2021-22289 RCE through Project Upload from Target
2022-08-11 14:56:02
prion
prion
Input validation
2022-08-11 15:15:00
nvd
nvd
CVE-2021-22289
2022-08-11 15:15:09
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.9%
Related for CVE-2021-22289