Lucene search

K
nvd[email protected]NVD:CVE-2024-2637
HistoryMay 14, 2024 - 7:15 p.m.

CVE-2024-2637

2024-05-1419:15:10
CWE-427
web.nvd.nist.gov
7
uncontrolled search path
b&r industrial automation
authenticated local attacker
malicious code
scene viewer
automation runtime
mapp vision
mapp view
mapp cockpit
mapp safety
vc4

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0

Percentile

9.0%

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS

0

Percentile

9.0%

Related for NVD:CVE-2024-2637