Vulnerability Description
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Br-Automation | Automation Runtime | >= 3.08, <= 3.10 |
| Br-Automation | Automation Studio | >= 4.0.0, <= 4.6.4 |
Related Weaknesses (CWE)
References
- https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authenVendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-20-051-01Third Party AdvisoryUS Government Resource
- https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authenVendor Advisory
- https://www.us-cert.gov/ics/advisories/icsa-20-051-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-19108?
CVE-2019-19108 is a vulnerability with a CVSS score of 9.4 (CRITICAL). An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration ...
How severe is CVE-2019-19108?
CVE-2019-19108 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-19108?
Check the references section above for vendor advisories and patch information. Affected products include: Br-Automation Automation Runtime, Br-Automation Automation Studio.