CVE-2024-2637
published 2024-05-14CVE-2024-2637: An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial…
PriorityP431high7.2CVSS 3.1
AVLACHPRHUIRSCCHIHAH
EPSS
0.17%
6.4th percentile
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| b_r_industrial_automation | adi_development_kit | < 5.5.0 | 5.5.0 |
| b_r_industrial_automation | adi_driver_universal | < 3.2.0 | 3.2.0 |
| b_r_industrial_automation | adi_net_sdk | < 4.1.0 | 4.1.0 |
| b_r_industrial_automation | aprol | < 4.4-01 | 4.4-01 |
| b_r_industrial_automation | automation_runtime | < J4.93 | J4.93 |
| b_r_industrial_automation | b_r_single-touch_driver | < 2.0.0 | 2.0.0 |
| b_r_industrial_automation | can_driver | < 1.1.0 | 1.1.0 |
| b_r_industrial_automation | can_driver_cc770 | < 3.3.0 | 3.3.0 |
| b_r_industrial_automation | can_driver_sja1000 | < 1.3.0 | 1.3.0 |
| b_r_industrial_automation | hmi_service_center | < 3.1.0 | 3.1.0 |
| b_r_industrial_automation | hmi_service_center_maintenance | < 2.1.0 | 2.1.0 |
| b_r_industrial_automation | kcf_editor | < 1.1.0 | 1.1.0 |
| b_r_industrial_automation | mapp_cockpit | < 5.24.2 | 5.24.2 |
| b_r_industrial_automation | mapp_safety | < 5.24.2 | 5.24.2 |
| b_r_industrial_automation | mapp_view | < 5.24.2 | 5.24.2 |
| b_r_industrial_automation | mapp_vision | < 5.26.1 | 5.26.1 |
| b_r_industrial_automation | scene_viewer | < 4.4.0 | 4.4.0 |
| b_r_industrial_automation | serial_user_mode_touch_driver | < 1.7.1 | 1.7.1 |
| b_r_industrial_automation | sram_driver | < 1.2.0 | 1.2.0 |
| b_r_industrial_automation | tou0ch_lock | < 2.1.0 | 2.1.0 |
| b_r_industrial_automation | vc4 | < 4.73.2 | 4.73.2 |
| b_r_industrial_automation | windows_10_iot_enterprise_2019_ltsc | <= 1.1 | — |
| b_r_industrial_automation | windows_10_recovery_solution | < 3.2.0 | 3.2.0 |
| b_r_industrial_automation | windows_settings_changer | < 3.2.0 | 3.2.0 |
| b_r_industrial_automation | windows_settings_changer | < 2.2.0 | 2.2.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-14
Published