Security Advisory – Elevated Risk of DLL Hijacking in B&R Automation Studio, Patch Available

B&R Automation Studio versions prior to 4.12 are susceptible to a high-severity DLL hijacking vulnerability, tracked as CVE-2021-22280. A local attacker who already has access to the system and valid credentials could use it to execute arbitrary code with elevated privileges. The vulnerability carries a CVSS v3.1 score of 7.2 and primarily threatens the confidentiality and integrity of data; successful exploitation could result in elevated user privileges or denial of service.

The issue stems from improper DLL loading behaviour in the software: if an attacker can place a malicious DLL where the software looks for its libraries, the software may load and execute it, so the attacker's code runs with the privileges of another user's account.

B&R has addressed this vulnerability in Automation Studio version 4.12 and advises all users to update to this or a later version. Additional recommendations include restricting access to the installation directory, ensuring all assemblies are signed with valid B&R certificates, and keeping Windows User Account Control (UAC) enabled.
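The three mitigations above can be audited from an administrative PowerShell session. The script below is an added example written for this page, not code from B&R or from the advisory; it assumes a placeholder installation path ($InstallDir) that must be replaced with the real Automation Studio directory, and a list of principals ($TrustedWriters) that local policy considers legitimate writers. It reports directories under the installation path that grant write rights to any other principal, binaries whose Authenticode signature is missing or invalid, and whether UAC is enabled.

```powershell
# Added example (not from the B&R advisory): audit an installation directory for
# the conditions the advisory's mitigations address.
#   1. Write access for non-administrative principals (would let a low-privileged
#      user drop a DLL into a directory the application loads from).
#   2. DLL/EXE files without a valid Authenticode signature.
#   3. UAC disabled.
# $InstallDir is a placeholder; substitute the real Automation Studio path.
param(
    [string]$InstallDir = 'C:\Path\To\AutomationStudio'   # placeholder, not the vendor's path
)

# Principals expected to hold write access; any other principal with write
# rights is reported. Adjust to local policy (assumption, not from the advisory).
$TrustedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Any of these rights lets a principal create or replace files in the directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-UnexpectedWriteAccess {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        if ($TrustedWriters -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

function Get-UnsignedBinaries {
    param([string]$Path)
    # Get-AuthenticodeSignature checks the embedded signature chain; the Signer
    # column lets the reviewer confirm the certificate is the expected B&R one.
    Get-ChildItem -Path $Path -Recurse -Include '*.dll', '*.exe' -File |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    File   = $_.FullName
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                }
            }
        }
}

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on (standard Windows policy value).
    $v = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                          -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableLUA -eq 1)
}

# Walk the installation tree: the root plus every subdirectory.
$dirs = @($InstallDir) + (Get-ChildItem -Path $InstallDir -Recurse -Directory | Select-Object -ExpandProperty FullName)
$writable = $dirs | ForEach-Object { Get-UnexpectedWriteAccess -Path $_ }
$unsigned = Get-UnsignedBinaries -Path $InstallDir

"UAC enabled: $(Test-UacEnabled)"
"Directories writable by unexpected principals: $(@($writable).Count)"
$writable | Format-Table -AutoSize
"Binaries without a valid Authenticode signature: $(@($unsigned).Count)"
$unsigned | Format-Table -AutoSize
```

Run it elevated so Get-Acl can read every directory. A non-empty writable list is the finding that matters most for this advisory: it identifies exactly the locations where a low-privileged user could plant a DLL, and those ACL entries should be removed (inherited entries point at the parent directory whose ACL needs fixing). Signature failures should be compared against the expected B&R certificate before being treated as tampering, since some third-party components legitimately ship unsigned.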

For more details and cybersecurity guidelines, visit B&R’s official cybersecurity page.

Source: B&R Cyber Security Advisory