CVE-2019-19100 : What You Need to Know

Discover the privilege escalation vulnerability in B&R Automation Studio's upgrade service allowing authenticated users to delete files. Learn about the impacted versions and mitigation steps.

An exploitable vulnerability has been found in the upgrade service of B&R Automation Studio. This vulnerability allows authenticated users to delete files using an accessible interface.

Understanding CVE-2019-19100

This CVE involves a privilege escalation vulnerability in B&R Automation Studio's upgrade service, affecting multiple versions.

What is CVE-2019-19100?

The vulnerability in the upgrade service of B&R Automation Studio allows authenticated users to delete arbitrary files through an exposed interface.

The Impact of CVE-2019-19100

        CVSS Base Score: 7.5 (High)
        Severity: High
        Attack Vector: Local
        Attack Complexity: High
        Privileges Required: Low
        Scope: Changed
        Confidentiality Impact: None
        Integrity Impact: High
        Availability Impact: High

Technical Details of CVE-2019-19100

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability enables authenticated users to delete any files via an accessible interface in B&R Automation Studio's upgrade service.

Affected Systems and Versions

The following versions of Automation Studio by B&R are affected:

        4.0.x
        4.1.x
        4.2.x
        Less than 4.3.11SP
        Less than 4.4.9SP
        Less than 4.5.4SP
        Less than 4.6.3SP
        Less than 4.7.2
        Less than 4.8.1
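
The affected-version list above can be turned into a triage check over a software inventory. The following is an added example, not code from B&R or from this page. It assumes each "Less than X" bound applies only within X's own major.minor branch, that version strings look like "4.3.11SP" or "V4.7.2", and it uses constructed host names and versions.

```python
import re

# Affected ranges transcribed from the list above. Assumption: each
# "Less than X" bound applies only inside X's own major.minor branch.
ALL_AFFECTED = {(4, 0), (4, 1), (4, 2)}
FIXED_IN = {  # branch -> (first fixed patch level, fix is an "SP" build)
    (4, 3): (11, True),
    (4, 4): (9, True),
    (4, 5): (4, True),
    (4, 6): (3, True),
    (4, 7): (2, False),
    (4, 8): (1, False),
}

# Assumed string shape: optional "V", dotted numbers, optional "SP" suffix.
VERSION_RE = re.compile(
    r"^\s*V?(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*(SP)?\s*$", re.I)

def classify(version):
    """Return 'affected', 'not_listed', 'review' or 'unparsed'."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparsed"
    branch = (int(m.group(1)), int(m.group(2)))
    if branch in ALL_AFFECTED:
        return "affected"          # whole 4.0.x / 4.1.x / 4.2.x branches
    if branch not in FIXED_IN:
        return "not_listed"        # branch does not appear in the list
    if m.group(3) is None:
        return "review"            # patch level missing, cannot decide
    patch, has_sp = int(m.group(3)), m.group(4) is not None
    fixed_patch, fixed_is_sp = FIXED_IN[branch]
    if patch < fixed_patch:
        return "affected"
    if patch == fixed_patch and fixed_is_sp and not has_sp:
        return "review"            # same numbers as the fix, no SP marker
    return "not_listed"

def triage(inventory):
    """Map each host to the status of its Automation Studio version."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "eng-ws-01": "4.2.7", "eng-ws-02": "4.3.11SP", "eng-ws-03": "4.3.11",
    "eng-ws-04": "V4.5.3 SP", "eng-ws-05": "4.8.0", "eng-ws-06": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "review" or "unparsed" need a manual look at the installed build before they are treated as fixed.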

Exploitation Mechanism

The vulnerability can be exploited by authenticated users to delete files through an accessible interface.

Mitigation and Prevention

To address CVE-2019-19100, follow these mitigation steps:

Immediate Steps to Take

        Update to a patched version of B&R Automation Studio.
        Restrict access to the upgrade service to authorized users only.

Long-Term Security Practices

        Regularly monitor and audit file deletion activities.
        Implement least privilege access controls to limit user capabilities.

Patching and Updates

        Apply the latest patches and updates provided by B&R to fix the vulnerability.
