CVE-2023-1617— B&R Industrial Automation B&R VC4 授权问题漏洞

Improper Authentication Mechanism in B&R VC4 Visualization

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

认证机制不恰当

B&R Industrial Automation B&R VC4 授权问题漏洞

B&R Industrial Automation B&R VC4是奥地利贝加莱工业自动化（B&R Industrial Automation）公司的一种可视化系统。可用于创建线显示器或控制带有按键和/或触摸屏的集成或远程 XGA 显示器。 B&R Industrial Automation B&R VC4存在安全漏洞，该漏洞源于存在不正确身份验证漏洞，此漏洞可能允许未经身份验证的基于网络的攻击者绕过受影响设备上VC4可视化的身份验证机制。

N/A

N/A