CVE-2024-0323

Summary

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.

Affected Software

VendorProductVersion RangeStatus
B&R Industrial AutomationAutomation Runtime14.0 < 14.93affected

Weaknesses

  • CWE-1240: CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References