CVE-2024-2637
Insecure Loading of Code in B&R Products
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.
Un atacante local autenticado que aprovechara con éxito esta vulnerabilidad podría insertar y ejecutar código arbitrario utilizando software legítimo de B&R. Una vulnerabilidad de elemento de ruta de búsqueda no controlada en B&R Industrial Automation Scene Viewer, B&R Industrial Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 podría permitir una autenticación atacante local ejecute código malicioso colocando archivos especialmente manipulados en la ruta de búsqueda de carga. Este problema afecta a Scene Viewer: antes de 4.4.0; Automation Runtime: antes de J4.93; mapp Vision: antes de 5.26.1; mapp View: antes de 5.24.2; Cockpit mapp: antes de 5.24.2; mapp Safety: antes de 5.24.2; VC4: antes de 4.73.2.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-03-19 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
- CAPEC-641: DLL Side-Loading
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | Scene Viewer Search vendor "B&R Industrial Automation" for product "Scene Viewer" | < 4.4.0 Search vendor "B&R Industrial Automation" for product "Scene Viewer" and version " < 4.4.0" | en |
Affected
| ||||||
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | Mapp Vision Search vendor "B&R Industrial Automation" for product "Mapp Vision" | < 5.26.1 Search vendor "B&R Industrial Automation" for product "Mapp Vision" and version " < 5.26.1" | en |
Affected
| ||||||
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | Mapp View Search vendor "B&R Industrial Automation" for product "Mapp View" | < 5.24.2 Search vendor "B&R Industrial Automation" for product "Mapp View" and version " < 5.24.2" | en |
Affected
| ||||||
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | Mapp Cockpit Search vendor "B&R Industrial Automation" for product "Mapp Cockpit" | < 5.24.2 Search vendor "B&R Industrial Automation" for product "Mapp Cockpit" and version " < 5.24.2" | en |
Affected
| ||||||
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | Mapp Safety Search vendor "B&R Industrial Automation" for product "Mapp Safety" | < 5.24.2 Search vendor "B&R Industrial Automation" for product "Mapp Safety" and version " < 5.24.2" | en |
Affected
| ||||||
| B&R Industrial Automation Search vendor "B&R Industrial Automation" | VC4 Search vendor "B&R Industrial Automation" for product "VC4" | < 4.73.2 Search vendor "B&R Industrial Automation" for product "VC4" and version " < 4.73.2" | en |
Affected
| ||||||