B&R Automation Studio

Plan PatchCVSS 7.5ICS-CERT ICSA-20-093-01Apr 2, 2020

B&R AutomationManufacturing

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

B&R Automation Studio versions 4.0.x, 4.1.x, and 4.2.x contain vulnerabilities related to improper privilege handling and insecure file operations in the upgrade service. These vulnerabilities allow an attacker with local access to delete arbitrary files, read sensitive files from the system, or write files to arbitrary locations. The upgrade service operates with elevated privileges and does not properly validate file paths or restrict operations to intended directories. Additionally, the upgrade server previously served HTTP links in configuration files, allowing potential interception or manipulation.

What this means

What could happen

An attacker with local access to an engineering workstation could delete arbitrary files, read sensitive files, or write files to the system, potentially compromising the integrity of automation projects or the workstation itself.

Who's at risk

Manufacturing operations using B&R Automation Studio on engineering workstations, particularly those running older versions (4.0.x through 4.2.x). This affects anyone who develops, deploys, or maintains automation logic for industrial controllers and programmable devices.

How it could be exploited

An attacker with local user privileges on a workstation running Automation Studio can exploit vulnerabilities in the upgrade service and file handling to delete arbitrary files, read files outside the intended scope, or write files to arbitrary locations on the system.

Prerequisites

Local user account on the engineering workstation running Automation Studio
Automation Studio versions 4.0.x through 4.2.x
Ability to interact with the upgrade service or file operations within Automation Studio

Local access requiredLow complexity attackNo patch available for older versionsAffects engineering workstationsImpacts file system integrity and confidentiality

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (1)

ProductAffected VersionsFix Status

Automation Studio:< 4.4.9SP< 4.6.3SP4.1.x and 6 more4.3+

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGManually restrict permissions on the Automation Studio installation directory to limit access

HARDENINGLimit access to engineering workstations running Automation Studio to authorized personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Automation Studio to version 4.3 or later

HOTFIXFor versions 4.3 and later, ensure the application uses .NET Framework's native ZIP implementation instead of SharpZipLib

HOTFIXUpgrade B&R upgrade server to serve HTTPS links and enforce Microsoft .NET Framework certificate checks

CVEs (3)

CVE-2019-19100 CVE-2019-19101 CVE-2019-19102

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2de5d36a-eafe-4b61-abcd-825a8ce5f92e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.