CVE-2024-5801 – IP Forwarding enabled in B&R Automation Runtime
https://notcve.org/view.php?id=CVE-2024-5801
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filtering. • https://www.br-automation.com/fileadmin/SA24P011-d8aaf02f.pdf • CWE-653: Improper Isolation or Compartmentalization; CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2024-5800 – Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime
https://notcve.org/view.php?id=CVE-2024-5800
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication. • https://www.br-automation.com/fileadmin/SA24P011-d8aaf02f.pdf • CWE-326: Inadequate Encryption Strength
CVE-2021-22280 – DLL Hijacking Vulnerability in Automation Studio
https://notcve.org/view.php?id=CVE-2021-22280
Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. Improper DLL loading algorithms in B&R Automation Studio may allow an authenticated local attacker to execute code with elevated privileges. This issue affects Automation Studio versions before 4.12. • https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf • CWE-20: Improper Input Validation
CVE-2024-2637 – Insecure Loading of Code in B&R Products
https://notcve.org/view.php?id=CVE-2024-2637
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path. This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2. An authenticated local attacker who successfully exploited this vulnerability could insert and execute arbitrary code using legitimate B&R software. • https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf • CWE-427: Uncontrolled Search Path Element
CVE-2024-0220 – B&R products use insufficient communication encryption
https://notcve.org/view.php?id=CVE-2024-0220
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding. This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0. • https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-311: Missing Encryption of Sensitive Data; CWE-319: Cleartext Transmission of Sensitive Information; CWE-326: Inadequate Encryption Strength; CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation