B&R Industrial Automation Automation Studio and Automation Runtime (ICSA-20-051-01) – Products Used in the Energy Sector

CISA has published an advisory on an improper authorization vulnerability in B&R Industrial Automation Automation Studio and Automation Runtime. Multiple versions of both products are affected. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices. B&R reports product-technical reasons disallow the changing of SNMP credentials. To reduce risk from this vulnerability, the following Automation Studio versions disable the SNMP service by default in newly created AS projects. B&R recommends that affected users evaluate their need for the SNMP service and disable it if possible. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.