CVE-2024-10490
Authentication bypass flaw in several mapp components
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions.
B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
Una vulnerabilidad de “Omisión de autenticación mediante una ruta o canal alternativo” en la configuración del servidor OPC UA requerida para B&R mapp Cockpit anterior a la versión 6.0, B&R mapp View anterior a la versión 6.0, B&R mapp Services anterior a la versión 6.0, B&R mapp Motion anterior a la versión 6.0 y B&R mapp Vision anterior a la versión 6.0 puede ser utilizada por un atacante no autenticado basado en la red para provocar la divulgación de información, un cambio no intencionado de datos o condiciones de denegación de servicio. B&R mapp Services solo se ve afectado cuando se utilizan mpUserX o mpCodeBox en el proyecto de Automation Studio.
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-10-29 CVE Reserved
- 2024-12-02 CVE Published
- 2024-12-02 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| B&R Industrial Automation GmbH Search vendor "B&R Industrial Automation GmbH" | B&R Mapp View Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp View" | >= 5.0 < 6.0 Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp View" and version " >= 5.0 < 6.0" | en |
Affected
| ||||||
| B&R Industrial Automation GmbH Search vendor "B&R Industrial Automation GmbH" | B&R Mapp Services Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Services" | >= 5.0 < 6.0 Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Services" and version " >= 5.0 < 6.0" | en |
Affected
| ||||||
| B&R Industrial Automation GmbH Search vendor "B&R Industrial Automation GmbH" | B&R Mapp Motion Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Motion" | >= 5.0 < 6.0 Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Motion" and version " >= 5.0 < 6.0" | en |
Affected
| ||||||
| B&R Industrial Automation GmbH Search vendor "B&R Industrial Automation GmbH" | B&R Mapp Vision Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Vision" | >= 5.0 < 6.0 Search vendor "B&R Industrial Automation GmbH" for product "B&R Mapp Vision" and version " >= 5.0 < 6.0" | en |
Affected
| ||||||