CVE-2021-22282 - OpenCVE

Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Br-automation	Automation Studio

Configuration 1 [-]

cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2024-02-02T06:38:32.358Z

Updated: 2024-08-03T18:37:18.516Z

Reserved: 2021-01-05T17:31:49.080Z

Link: CVE-2021-22282

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-02-02T07:15:08.287

Modified: 2024-02-10T04:04:59.457

Link: CVE-2021-22282

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-22282", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2021-01-05T17:31:49.080Z", "datePublished": "2024-02-02T06:38:32.358Z", "dateUpdated": "2024-08-03T18:37:18.516Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Automation Studio", "vendor": "B&R Industrial Automation", "versions": [{"lessThanOrEqual": "4.12", "status": "affected", "version": "4.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "B&R would like to thank the following for working with us to help protect our customers: Mr. Mashav Sapir of Claroty, Mr. Andrew Hofmans"}], "datePublic": "2021-10-28T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.<p>This issue affects Automation Studio: from 4.0 through 4.12.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2024-02-02T11:25:49.556Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "RCE in B&R Automation Studio with crafted project files", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n<br>"}], "value": "\nB&R recommends the following specific workarounds and mitigations:\nOpen only B&R Automation Studio project files from trusted source.\nProtect locations where B&R Automation Studio projects are stored from unauthorized access. This \nincludes PLCs, when using the feature to back up project source files on target.\nDo not run B&R Automation Studio in elevated mode.\nVerify integrity of B&R Automation Studio project files, which are exchanged via potentially insecure \nchannels.\nMake sure, that Windows User Access Control (UAC) is enabled.\nIn general, B&R recommends implementing the Cyber Security guidelines.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.516Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:br-automation:automation_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C6F1F09-B82E-4E1B-B2FA-CDCC529FA790", "versionEndIncluding": "4.12", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12.\n\n"}, {"lang": "es", "value": "Un algoritmo de copia incorrecto en el componente de extracci\u00f3n de proyectos en B&R Automation Studio 4 puede permitir que un atacante no autenticado ejecute c\u00f3digo. Este problema afecta a Automation Studio: desde 4.X hasta 4.0."}], "id": "CVE-2021-22282", "lastModified": "2024-02-10T04:04:59.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-02-02T07:15:08.287", "references": [{"source": "cybersecurity@ch.abb.com", "tags": ["Vendor Advisory"], "url": "https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "cybersecurity@ch.abb.com", "type": "Primary"}]}