CVE-2019-19108

Description

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Affected products

B&R / Automation Runtime2 <= 2.96 – 2 <= 2.96
B&R / Automation Runtime3 <= 3.10 – 3 <= 3.10
B&R / Automation Runtime4 <= 4.72 – 4 <= 4.72

References

MISChttps://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/
VENDOR_ADVISORYhttps://www.us-cert.gov/ics/advisories/icsa-20-051-01