ICSA-20-051-01  ·  Published 2020-02-20

ICSA-20-051-01: B&R Automation Studio and Automation Runtime

CVSS 9.4 CRITICAL

CVEs (1)

Remediations

  • B&R reports that, for product-technical reasons, the SNMP credentials cannot be changed. To reduce the risk from this vulnerability, the following Automation Studio (AS) versions disable the SNMP service by default in newly created AS projects:
      • AS 4.6.5 (Planned release date: 2020-03-27) and higher
      • AS 4.7.3 (Planned release date: 2020-04-10) and higher
      • AS 4.8.2 (Planned release date: 2020-06-11) and higher
  • B&R reports that the dates marked above as planned are preliminary and may be subject to change. Registered users may approach their local B&R service organization in case of questions.
  • B&R recommends that affected users evaluate their need for the SNMP service and disable it if possible.
  • For more information related to this vulnerability, please refer to the B&R advisory. For additional information and support, please contact B&R service.

Affected Vendors

B&R Industrial Automation

Affected Products (2)

B&R Industrial Automation · Automation Studio 2.7 | 3.0.71 | 3.0.80 | 3.0.81 | 3.0.90 | >= 4.0.x | <= 4.6.4 | 4.7.2
B&R Industrial Automation · Automation Runtime 2.96 | 3.00 | 3.01 | 3.06 | 3.07 | >= 3.08 | <= 3.10 | >= 4.00 | <= 4.03 | >= 4.03 | <= 4.04 | >= 4.04 | <= 4.63 | >= 4.72
