Lucene search

[email protected]NVD:CVE-2023-1617

HistoryApr 14, 2023 - 12:15 p.m.

CVE-2023-1617

2023-04-1412:15:07

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-1617

b&r industrial automation

vc4

authentication

vulnerability

network-based

bypass

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.
This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.

Affected configurations

NVD

Node

br-automationvc4Range<3.96.8

br-automationvc4Range4.0.0–4.06.4

br-automationvc4Range4.10.0–4.16.3

br-automationvc4Range4.20.0–4.26.8

br-automationvc4Range4.30.0–4.34.7

br-automationvc4Range4.40.0–4.45.1

br-automationvc4Range4.50.0–4.53.0

br-automationvc4Range4.70.0–4.73.0

References

www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for NVD:CVE-2023-1617

cvelist1 cve1 prion1