Vulnerability Information
Vulnerability Title
Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service
Vulnerability Description
A directory traversal vulnerability in SharpZipLib, used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x, allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
Improper Limitation of a Pathname (Path Traversal)
Vulnerability Title
B&R Automation Studio Path Traversal Vulnerability
Vulnerability Description
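B&R Automation Studio is an integrated software development environment from the Austrian company B&R Automation. SharpZipLib (#ziplib, formerly NZipLib) is an open-source C# compression and decompression library for the .NET platform from the ICSharpCode team; it supports compressing and decompressing files in Zip, GZip, BZip2, Tar and other formats. The SharpZipLib library used in the update service of B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x has a path traversal vulnerability. An attacker can exploit this vulnerability to write to some local directories.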
CVSS Information
N/A
Vulnerability Type
N/A