Authentication flaw

2023-04-1412:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

network-based attacker

bypass

authentication mechanism

visualization

b&r industrial automation

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.
This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.

CPENameOperatorVersion
vc4ge4.70.0
vc4lt4.73.0
vc4ge4.50.0
vc4le4.53.0
vc4ge4.40.0
vc4le4.45.1
vc4ge4.30.0
vc4lt4.34.7
vc4ge4.20.0
vc4le4.26.8

Name	Operator	Version
vc4	ge	4.70.0
vc4	lt	4.73.0
vc4	ge	4.50.0
vc4	le	4.53.0
vc4	ge	4.40.0
vc4	le	4.45.1
vc4	ge	4.30.0
vc4	lt	4.34.7
vc4	ge	4.20.0
vc4	le	4.26.8

Rows per page:

1-10 of 151

References

www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf