Lucene search

ABBVULNRICHMENT:CVE-2024-2637

HistoryMay 14, 2024 - 6:49 p.m.

CVE-2024-2637 Insecure Loading of Code in B&R Products

2024-05-1418:49:28

CWE-427

ABB

github.com

vulnerability

b&r industrial automation

authenticated local attacker

executing malicious code

specially crafted files

scene viewer

automation runtime

mapp vision

mapp view

mapp cockpit

mapp safety

vc4

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Scene Viewer",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "J4.93",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Vision",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.26.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp View",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Cockpit",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mapp Safety",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "5.24.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VC4",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThan": "4.73.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf

7.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-2637