Zip Slip Vulnerability in B&R Automation Studio Upgrade Service

Zip Slip Vulnerability in B&R Automation Studio Upgrade Service

CVE-2019-19102 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.

Learn more about our User Device Pen Test.