CVE-2024-2637

Summary

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.

Affected Software

VendorProductVersion RangeStatus
B&R Industrial AutomationScene Viewer0 < 4.4.0affected
B&R Industrial AutomationAutomation Runtime0 < J4.93affected
B&R Industrial Automationmapp Vision0 < 5.26.1affected
B&R Industrial Automationmapp View0 < 5.24.2affected
B&R Industrial Automationmapp Cockpit0 < 5.24.2affected
B&R Industrial Automationmapp Safety0 < 5.24.2affected
B&R Industrial AutomationVC40 < 4.73.2affected
B&R Industrial AutomationAPROL0 < 4.4-01affected
B&R Industrial AutomationCAN Driver0 < 1.1.0affected
B&R Industrial AutomationCAN Driver CC7700 < 3.3.0affected
B&R Industrial AutomationCAN Driver SJA10000 < 1.3.0affected
B&R Industrial AutomationTou0ch Lock0 < 2.1.0affected
B&R Industrial AutomationB&R Single-Touch Driver0 < 2.0.0affected
B&R Industrial AutomationSerial User Mode Touch Driver0 < 1.7.1affected
B&R Industrial AutomationWindows Settings Changer (LTSC)0 < 3.2.0affected
B&R Industrial AutomationWindows Settings Changer (2019 LTSC)0 < 2.2.0affected
B&R Industrial AutomationWindows 10 Recovery Solution0 < 3.2.0affected
B&R Industrial AutomationADI driver universal0 < 3.2.0affected
B&R Industrial AutomationADI Development Kit0 < 5.5.0affected
B&R Industrial AutomationADI .NET SDK0 < 4.1.0affected
B&R Industrial AutomationSRAM driver0 < 1.2.0affected
B&R Industrial AutomationHMI Service Center0 < 3.1.0affected
B&R Industrial AutomationHMI Service Center Maintenance0 < 2.1.0affected
B&R Industrial AutomationWindows 10 IoT Enterprise 2019 LTSC0 <= 1.1affected
B&R Industrial AutomationKCF Editor0 < 1.1.0affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References