CVE-2024-2637: Insecure Loading of Code in B&R Products

CVSS 7.2 · High · EPSS 0.04% · P13

I. Basic Information for CVE-2024-2637

Vulnerability Information

Vulnerability Title
Insecure Loading of Code in B&R Products
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Touch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path. This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Touch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Uncontrolled Search Path Element
Source: NVD (National Vulnerability Database)
Vulnerability Title
B&R Industrial Automation Scene Viewer code issue vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
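B&R Industrial Automation Scene Viewer is a visualization tool from the Austrian company B&R Industrial Automation, used mainly for visualization and simulation scenes in industrial automation systems. Some B&R products contain a code issue vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Scene Viewer before 4.4.0, Automation Runtime before J4.93, mapp Vision before 5.26.1, mapp View before 5.24.2, map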
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
B&R Industrial Automation | Scene Viewer | 0 ~ 4.4.0 | -
B&R Industrial Automation | Automation Runtime | 0 ~ J4.93 | -
B&R Industrial Automation | mapp Vision | 0 ~ 5.26.1 | -
B&R Industrial Automation | mapp View | 0 ~ 5.24.2 | -
B&R Industrial Automation | mapp Cockpit | 0 ~ 5.24.2 | -
B&R Industrial Automation | mapp Safety | 0 ~ 5.24.2 | -
B&R Industrial Automation | VC4 | 0 ~ 4.73.2 | -
B&R Industrial Automation | APROL | 0 ~ 4.4-01 | -
B&R Industrial Automation | CAN Driver | 0 ~ 1.1.0 | -
B&R Industrial Automation | CAN Driver CC770 | 0 ~ 3.3.0 | -
B&R Industrial Automation | CAN Driver SJA1000 | 0 ~ 1.3.0 | -
B&R Industrial Automation | Touch Lock | 0 ~ 2.1.0 | -
B&R Industrial Automation | B&R Single-Touch Driver | 0 ~ 2.0.0 | -
B&R Industrial Automation | Serial User Mode Touch Driver | 0 ~ 1.7.1 | -
B&R Industrial Automation | Windows Settings Changer (LTSC) | 0 ~ 3.2.0 | -
B&R Industrial Automation | Windows Settings Changer (2019 LTSC) | 0 ~ 2.2.0 | -
B&R Industrial Automation | Windows 10 Recovery Solution | 0 ~ 3.2.0 | -
B&R Industrial Automation | ADI driver universal | 0 ~ 3.2.0 | -
B&R Industrial Automation | ADI Development Kit | 0 ~ 5.5.0 | -
B&R Industrial Automation | ADI .NET SDK | 0 ~ 4.1.0 | -
B&R Industrial Automation | SRAM driver | 0 ~ 1.2.0 | -
B&R Industrial Automation | HMI Service Center | 0 ~ 3.1.0 | -
B&R Industrial Automation | HMI Service Center Maintenance | 0 ~ 2.1.0 | -
B&R Industrial Automation | Windows 10 IoT Enterprise 2019 LTSC | 0 ~ 1.1 | -
B&R Industrial Automation | KCF Editor | 0 ~ 1.1.0 | -

II. Public POCs for CVE-2024-2637

No public POC found.
