QID 591233

Date Published: 2023-01-04

QID 591233: "B and R" Automation Studio Denial of Service (DoS) Vulnerability (ADVISORY_04-2022)

AFFECTED PRODUCTS
B and R Automation reports the vulnerabilities to affect the following versions of Automation Studio, a programmable logic controller (PLC) automation programming software: Automation Studio 4: B and R Automation Studio (AS) from Version 4.0 and above.

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys Note: Only version 4.X series will be flagged by the QID, because the latest version of the product released by the vendor is version 4 series only.

Successful exploitation of this vulnerability can lead to denial of service.

CVSS V3 rated as High - 7.1 severity.

CVSS V2 rated as Medium - 3.6 severity.

Solution

No patch is released from vendor. For more information please visit ADVISORY_04-2022Workaround:
The vendor has advised to set the value of HKEY_LOCAL_MACHINE\SOFTWARE\WIBUSYSTEMS\CodeMeter\Server\CurrentVersion\EnabledConta inerTypes to 4294967294 (0xFFFFFFFE).

Vendor References

ADVISORY_04-2022 - www.br-automation.com/downloads_br_productcatalogue/assets/1667745192537-en-original-1.0.pdf

CVEs related to QID 591233

CVE-2021-41057 |

Software Advisories

Advisory ID	Software	Component	Link

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].