Lucene search

K
cve[email protected]CVE-2024-2637
HistoryMay 14, 2024 - 7:15 p.m.

CVE-2024-2637

2024-05-1419:15:10
CWE-427
web.nvd.nist.gov
36
uncontrolled search path element
b&r industrial automation
authenticated local attacker
arbitrary code

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Scene Viewer",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "J4.93",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Vision",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.26.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp View",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Cockpit",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Safety",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VC4",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.73.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

Related for CVE-2024-2637