You are here

B&R Automation Studio (ICSA-20-093-01) – Product Used in the Energy Sector

B&R Automation Studio (ICSA-20-093-01) – Product Used in the Energy Sector

Created: Thursday, April 2, 2020 - 11:47
Categories:
Cybersecurity

CISA has published an advisory on improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations. B&R recommends applying product updates or applying a series of workarounds until updates can be applied. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.