CVE-2021-22281 - OpenCVE

: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Br-automation	Automation Studio

Configuration 1 [-]

cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-02-02T07:24:29.599Z

Updated: 2024-08-21T17:32:38.731Z

Reserved: 2021-01-05T17:31:49.080Z

Link: CVE-2021-22281

Vulnrichment

Updated: 2024-08-03T18:37:18.432Z

NVD

Status : Analyzed

Published: 2024-02-02T08:15:46.013

Modified: 2024-02-10T01:03:31.623

Link: CVE-2021-22281

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-22281", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2021-01-05T17:31:49.080Z", "datePublished": "2024-02-02T07:24:29.599Z", "dateUpdated": "2024-08-21T17:32:38.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Automation Studio", "vendor": "B&R Industrial Automation", "versions": [{"lessThanOrEqual": "4.12", "status": "affected", "version": "4.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"}], "datePublic": "2021-10-28T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": ": Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.<p>This issue affects Automation Studio: from 4.0 through 4.12.</p>"}], "value": ": Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-02T11:25:16.360Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Zip Slip Vulnerability in B&R Automation Studio Project Import", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nUse encrypted export of B&R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B&R recommends implementing the Cyber Security guidelines\n\n<br>"}], "value": "\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nUse encrypted export of B&R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B&R recommends implementing the Cyber Security guidelines\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.432Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:56:31.407839Z", "id": "CVE-2021-22281", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T17:32:38.731Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.432Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-22281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T15:56:31.407839Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T17:32:31.167Z"}}], "cna": {"title": "Zip Slip Vulnerability in B&R Automation Studio Project Import", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "B&R Industrial Automation", "product": "Automation Studio", "versions": [{"status": "affected", "version": "4.0", "versionType": "custom", "lessThanOrEqual": "4.12"}], "defaultStatus": "unaffected"}], "datePublic": "2021-10-28T18:30:00.000Z", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"}], "workarounds": [{"lang": "en", "value": "\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nUse encrypted export of B&R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B&R recommends implementing the Cyber Security guidelines\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nUse encrypted export of B&R Automation Studio project files, thus only allowing access to legitimate \nusers.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nMake sure, that Windows User Access Control (UAC) is enabled.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels\nIn general, B&R recommends implementing the Cyber Security guidelines\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": ": Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.\n\n", "supportingMedia": [{"type": "text/html", "value": ": Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.<p>This issue affects Automation Studio: from 4.0 through 4.12.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-02T11:25:16.360Z"}}}, "cveMetadata": {"cveId": "CVE-2021-22281", "state": "PUBLISHED", "dateUpdated": "2024-08-21T17:32:38.731Z", "dateReserved": "2021-01-05T17:31:49.080Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-02-02T07:24:29.599Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6F1F09-B82E-4E1B-B2FA-CDCC529FA790", "versionEndIncluding": "4.12", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": ": Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}, {"lang": "es", "value": ": La vulnerabilidad de Path Traversal en B&R Industrial Automation Automation Studio permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Automation Studio: desde 4.0 hasta 4.12."}], "id": "CVE-2021-22281", "lastModified": "2024-02-10T01:03:31.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-02-02T08:15:46.013", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-23"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}