Lucene search

[email protected]CVE-2024-2637

HistoryMay 14, 2024 - 7:15 p.m.

CVE-2024-2637

2024-05-1419:15:10

CWE-427

[email protected]

web.nvd.nist.gov

uncontrolled search path element

b&r industrial automation

authenticated local attacker

arbitrary code

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

JSON

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Scene Viewer",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "J4.93",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Vision",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.26.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp View",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Cockpit",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Safety",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VC4",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.73.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

JSON

Related for CVE-2024-2637

cvelist1 nvd1