B&R Automation Studio and PVI Windows Services

1. ADVISORY INFORMATION

Product: B&R Automation Net/PVI
Vendor URL: https://www.br-automation.com/en-us/products/software/automation-netpvi/
Vulnerability #1: CVE-2020-24681 Automation Studio incorrect permission assignments for services. CVSS v3 Base Score: 8.2 (High)
Vulnerability #2: CVE-2020-24681 Net/PVI incorrect permission assignments for services. CVSS v3 Base Score: 8.2 (High)
Vulnerability #3: CVE-2020-24682 Automation Studio unquoted service path vulnerabilities. CVSS v3 Base Score: 7.2 (High)
Vulnerability #4: CVE-2020-24682 PVI Multiple unquoted service path vulnerabilities. CVSS v3 Base Score: 7.2 (High)
Date found: 2020-09-28


2. AUTHOR

This vulnerability was discovered and researched by Andrew Hofmans
Public …


DLL Hijacking Vulnerability in Automation Studio

1. ADVISORY INFORMATION

Product: B&R Automation Net/PVI
Vendor URL: https://www.br-automation.com/en-us/products/software/automation-netpvi/
Vulnerability #1: CVE-2021-22280 DLL Hijacking Vulnerability in Automation Studio. CVSS v3 Base Score: 7.2 (High)
Vulnerability #2: Improper Input Validation CWE-20
Date found: 2020-10-09


2. AUTHOR

This vulnerability was discovered and researched by Andrew Hofmans
Public key: pubkey


3. VERSIONS AFFECTED

Vulnerabilities were found and tested on the most recently released version available at the time (PVI_4.8.2.27 07/27/2020).


4. VULNERABILITY DETAILS

  1. When the PVI Manager process is started, it attempts to load DLL resources that …


Lorex Technology ECO DVR

While exploring my network I discovered that there was a security vulnerability with my Lorex Technology ECO DVR. After doing more research and reaching out to the vendor and US-CERT, I have finally documented and disclosed my first vulnerability report. It was a great learning experience working through the process and practicing responsible disclosure. Unfortunately, with cve.mitre.org changing its coverage goals, it did not get a CVE identifier. I submitted my report to Bugtraq and the original can be found here or here.

ADVISORY INFORMATION

Product: Lorex Technology ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard …
