CVE-2024-2637

Published: May 14, 2024

Modified: Apr 24, 2025

PUBLISHED

CVSS v3.1: 7.2 (HIGH)

Description

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Touch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.

This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Touch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.

| Vendor | Product | Versions |
| --- | --- | --- |
| B&R Industrial Automation | Scene Viewer | affected: 0 - < 4.4.0 |
| B&R Industrial Automation | Automation Runtime | affected: 0 - < J4.93 |
| B&R Industrial Automation | mapp Vision | affected: 0 - < 5.26.1 |
| B&R Industrial Automation | mapp View | affected: 0 - < 5.24.2 |
| B&R Industrial Automation | mapp Cockpit | affected: 0 - < 5.24.2 |
| B&R Industrial Automation | mapp Safety | affected: 0 - < 5.24.2 |
| B&R Industrial Automation | VC4 | affected: 0 - < 4.73.2 |
| B&R Industrial Automation | APROL | affected: 0 - < 4.4-01 |
| B&R Industrial Automation | CAN Driver | affected: 0 - < 1.1.0 |
| B&R Industrial Automation | CAN Driver CC770 | affected: 0 - < 3.3.0 |
| B&R Industrial Automation | CAN Driver SJA1000 | affected: 0 - < 1.3.0 |
| B&R Industrial Automation | Touch Lock | affected: 0 - < 2.1.0 |
| B&R Industrial Automation | B&R Single-Touch Driver | affected: 0 - < 2.0.0 |
| B&R Industrial Automation | Serial User Mode Touch Driver | affected: 0 - < 1.7.1 |
| B&R Industrial Automation | Windows Settings Changer (LTSC) | affected: 0 - < 3.2.0 |
| B&R Industrial Automation | Windows Settings Changer (2019 LTSC) | affected: 0 - < 2.2.0 |
| B&R Industrial Automation | Windows 10 Recovery Solution | affected: 0 - < 3.2.0 |
| B&R Industrial Automation | ADI driver universal | affected: 0 - < 3.2.0 |
| B&R Industrial Automation | ADI Development Kit | affected: 0 - < 5.5.0 |
| B&R Industrial Automation | ADI .NET SDK | affected: 0 - < 4.1.0 |
| B&R Industrial Automation | SRAM driver | affected: 0 - < 1.2.0 |
| B&R Industrial Automation | HMI Service Center | affected: 0 - < 3.1.0 |
| B&R Industrial Automation | HMI Service Center Maintenance | affected: 0 - < 2.1.0 |
| B&R Industrial Automation | Windows 10 IoT Enterprise 2019 LTSC | affected: 0 - <= 1.1 |
| B&R Industrial Automation | KCF Editor | affected: 0 - < 1.1.0 |

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
