CVE-2020-11637
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Summary
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| B&R | Automation Runtime | unspecified <= 4.1x | affected |
| B&R | Automation Runtime | 4.2x < N4.26 | affected |
| B&R | Automation Runtime | 4.3x < N4.34 | affected |
| B&R | Automation Runtime | 4.4x < F4.45 | affected |
| B&R | Automation Runtime | 4.5x < E4.53 | affected |
| B&R | Automation Runtime | 4.6x < D4.63 | affected |
| B&R | Automation Runtime | 4.7x < A4.73 | affected |
Weaknesses
- CWE-401: CWE-401 Improper Release of Memory Before Removing Last Reference
ADP Enrichment
CVE Program Container
Additional References
- https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf
References
- https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.