CVE-2019-19108

Published Apr 20, 2020

Last updated 5 years ago

CVSS critical 9.4

Overview

Description: An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
Source: cybersecurity@ch.abb.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.4
Impact score: 5.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798
cybersecurity@ch.abb.com: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92007641-9F08-49BC-8FBE-299E1B8F5D6E",
            "versionEndIncluding": "3.10",
            "versionStartIncluding": "3.08"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F6F991A-DEAC-48E6-B920-3E5C2DF71126",
            "versionEndIncluding": "4.03",
            "versionStartIncluding": "4.00"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBFD0529-3DBC-4F33-A8DB-3E0425249A0F",
            "versionEndIncluding": "4.63",
            "versionStartIncluding": "4.04"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:2.96:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4336DDC3-2E0B-4003-9DD2-0F6B792224E0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:3.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "627F13C8-8C9C-4821-8669-048D4129AA0F"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:3.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "938E07B7-4EA6-4C9F-AFE3-34D6871FD8E6"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:3.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86226E55-0103-491D-9CE2-F70DF0F02FCC"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:3.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EA14826-AB36-438F-85EF-012AF77C84B6"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_runtime:4.72:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABB62E4A-4595-45FD-B9A3-6B72CA96B5A3"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "150E3C63-DA0E-4E4E-A778-ADC1BEB3FA14",
            "versionEndIncluding": "4.6.4",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "345C741C-4575-4234-92E7-1059703505BB"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:3.0.71:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C516EA0-BB55-4554-AB27-B56423A5DE8F"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:3.0.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0459007D-DFC7-4EEA-8336-E05637672FDC"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:3.0.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B77D56F4-AFB5-4346-B6A9-1DF87D67D577"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:3.0.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6B1A4A3-2201-49D0-BAB9-CFE94DB77C90"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:automation_studio:4.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4007CF20-9AEE-47F9-A48A-0837739D95F1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References