CVE-2019-19100 | Vulnerability Database | Aqua Security

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface.

Affected Software

Name	Vendor	Start Version	End Version
Automation_studio	Br-automation	4.0 (including)	4.0.29.87 (including)
Automation_studio	Br-automation	4.1 (including)	4.1.17.113 (including)
Automation_studio	Br-automation	4.2 (including)	4.2.14.119 (including)
Automation_studio	Br-automation	4.3 (including)	4.3.11 (excluding)
Automation_studio	Br-automation	4.4 (including)	4.4.9 (excluding)
Automation_studio	Br-automation	4.5 (including)	4.5.4 (excluding)
Automation_studio	Br-automation	4.6 (including)	4.6.3 (excluding)
Automation_studio	Br-automation	4.7 (including)	4.7.2 (excluding)
Automation_studio	Br-automation	4.8 (including)	4.8 (including)

References

https://www.br-automation.com/en/downloads/032020-multiple-vulnerabilities-in-automation-studio/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-19100
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html