CVE-2021-22282 - Vulnerability Details - OpenCVE

Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Br-automation	Automation Studio

Configuration 1 [-]

cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-9428	Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.

Fixes

Solution

No solution given by the vendor.

Workaround

B&R recommends the following specific workarounds and mitigations: Open only B&R Automation Studio project files from trusted source. Protect locations where B&R Automation Studio projects are stored from unauthorized access. This includes PLCs, when using the feature to back up project source files on target. Do not run B&R Automation Studio in elevated mode. Verify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure channels. Make sure, that Windows User Access Control (UAC) is enabled. In general, B&R recommends implementing the Cyber Security guidelines.

References

Link	Providers
https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf

History

Tue, 17 Jun 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-02-02T06:38:32.358Z

Updated: 2025-06-17T21:29:23.035Z

Reserved: 2021-01-05T17:31:49.080Z

Link: CVE-2021-22282

Vulnrichment

Updated: 2024-08-03T18:37:18.516Z

NVD

Status : Modified

Published: 2024-02-02T07:15:08.287

Modified: 2024-11-21T05:49:50.530

Link: CVE-2021-22282

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-22282", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2021-01-05T17:31:49.080Z", "datePublished": "2024-02-02T06:38:32.358Z", "dateUpdated": "2025-06-17T21:29:23.035Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Automation Studio", "vendor": "B&R Industrial Automation", "versions": [{"lessThanOrEqual": "4.12", "status": "affected", "version": "4.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"}], "datePublic": "2021-10-28T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.<p>This issue affects Automation Studio: from 4.0 through 4.12.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-02T11:25:49.556Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "RCE in B&R Automation Studio with crafted project files", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n<br>"}], "value": "\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.516Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-22282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-14T21:13:25.788287Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:29:23.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.516Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-22282", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-14T21:13:25.788287Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:23:57.441Z"}}], "cna": {"title": "RCE in B&R Automation Studio with crafted project files", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "B&R Industrial Automation", "product": "Automation Studio", "versions": [{"status": "affected", "version": "4.0", "versionType": "custom", "lessThanOrEqual": "4.12"}], "defaultStatus": "unaffected"}], "datePublic": "2021-10-28T18:30:00.000Z", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}], "workarounds": [{"lang": "en", "value": "\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.<p>This issue affects Automation Studio: from 4.0 through 4.12.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-02T11:25:49.556Z"}}}, "cveMetadata": {"cveId": "CVE-2021-22282", "state": "PUBLISHED", "dateUpdated": "2025-06-17T21:29:23.035Z", "dateReserved": "2021-01-05T17:31:49.080Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-02-02T06:38:32.358Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6F1F09-B82E-4E1B-B2FA-CDCC529FA790", "versionEndIncluding": "4.12", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}, {"lang": "es", "value": "Un algoritmo de copia incorrecto en el componente de extracci\u00f3n de proyectos en B&R Automation Studio 4 puede permitir que un atacante no autenticado ejecute c\u00f3digo. Este problema afecta a Automation Studio: desde 4.X hasta 4.0."}], "id": "CVE-2021-22282", "lastModified": "2024-11-21T05:49:50.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-02T07:15:08.287", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}