// For flags

CVE-2024-0323

FTP uses unsecure encryption mechanisms

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

The FTP server used on the B&R
Automation Runtime supports unsecure encryption mechanisms, such as SSLv3,
TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct
man-in-the-middle attacks or to decrypt communications between the affected product
clients.

Uso de una vulnerabilidad de algoritmo criptográfico defectuoso o riesgoso en B&R Industrial Automation Automation Runtime (módulos SDM). El servidor FTP utilizado en B&R Automation Runtime admite mecanismos de cifrado no seguros, como SSLv3, TLSv1.0 y TLS1.1. Un atacante basado en red puede explotar las fallas para realizar ataques de intermediario o para descifrar las comunicaciones entre los clientes del producto afectado. Este problema afecta a Automation Runtime: desde 14.0 antes de 14.93.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-01-08 CVE Reserved
  • 2024-02-05 CVE Published
  • 2024-02-14 EPSS Updated
  • 2024-09-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Br-automation
Search vendor "Br-automation"
Automation Runtime
Search vendor "Br-automation" for product "Automation Runtime"
<= i4.93
Search vendor "Br-automation" for product "Automation Runtime" and version " <= i4.93"
-
Affected