CVE-2024-10490

Published: Dec 2, 2024

Modified: Dec 2, 2024

PUBLISHED

Description

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.

Vendor	Product	Versions
B&R Industrial Automation GmbH	B&R mapp Cockpit	affected `5.0;0 - < 6.0;0`
B&R Industrial Automation GmbH	B&R mapp View	affected `5.0 - < 6.0`
B&R Industrial Automation GmbH	B&R mapp Services	affected `5.0 - < 6.0`
B&R Industrial Automation GmbH	B&R mapp Motion	affected `5.0 - < 6.0`
B&R Industrial Automation GmbH	B&R mapp Vision	affected `5.0 - < 6.0`

Weaknesses (CWE)

CWE-288

References

https://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-10490

Description

Affected Products

Weaknesses (CWE)

References