Assigner | ABB |
Reserved | 2024-03-19 |
Published | 2024-05-14 |
Updated | 2024-06-06 |
Description
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
Problem types
CWE-427 Uncontrolled Search Path Element
Product status
Any version before 4.4.0
Any version before J4.93
Any version before 5.26.1
Any version before 5.24.2
Any version before 5.24.2
Any version before 5.24.2
Any version before 4.73.2
References
https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf