B&R Automation Studio (ICSA-20-093-01) – Product Used in the Energy Sector

CISA has published an advisory on improper privilege management, missing required cryptographic step, and path traversal vulnerabilities in B&R Automation Studio. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to delete arbitrary files from this system, fetch arbitrary files, or perform arbitrary write operations. B&R recommends applying product updates or applying a series of workarounds until updates can be applied. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.