AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

OR
          *cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:* versions up to (excluding) 4.6
          *cpe:2.3:a:br-automation:technology_guarding:*:*:*:*:*:*:*:* versions up to (excluding) 1.4.0

Asea Brown Boveri Ltd. (ABB): https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf Types: Vendor Advisory

CVE: https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf Types: Vendor Advisory

https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf

Asea Brown Boveri Ltd. (ABB) CWE-1240

Asea Brown Boveri Ltd. (ABB) CWE-311

Asea Brown Boveri Ltd. (ABB) CWE-326

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.



Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.



Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.

Asea Brown Boveri Ltd. (ABB) AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Asea Brown Boveri Ltd. (ABB) CWE-311

Asea Brown Boveri Ltd. (ABB) CWE-319

Asea Brown Boveri Ltd. (ABB) CWE-326

Asea Brown Boveri Ltd. (ABB) CWE-94

Asea Brown Boveri Ltd. (ABB) https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf [No types assigned]