cbcvebase.
CVE-2024-2637
published 2024-05-14

CVE-2024-2637: An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial…

PriorityP431high7.2CVSS 3.1
AVLACHPRHUIRSCCHIHAH
EPSS
0.17%
6.4th percentile
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0

Affected

25 ranges
VendorProductVersion rangeFixed in
b_r_industrial_automationadi_development_kit< 5.5.05.5.0
b_r_industrial_automationadi_driver_universal< 3.2.03.2.0
b_r_industrial_automationadi_net_sdk< 4.1.04.1.0
b_r_industrial_automationaprol< 4.4-014.4-01
b_r_industrial_automationautomation_runtime< J4.93J4.93
b_r_industrial_automationb_r_single-touch_driver< 2.0.02.0.0
b_r_industrial_automationcan_driver< 1.1.01.1.0
b_r_industrial_automationcan_driver_cc770< 3.3.03.3.0
b_r_industrial_automationcan_driver_sja1000< 1.3.01.3.0
b_r_industrial_automationhmi_service_center< 3.1.03.1.0
b_r_industrial_automationhmi_service_center_maintenance< 2.1.02.1.0
b_r_industrial_automationkcf_editor< 1.1.01.1.0
b_r_industrial_automationmapp_cockpit< 5.24.25.24.2
b_r_industrial_automationmapp_safety< 5.24.25.24.2
b_r_industrial_automationmapp_view< 5.24.25.24.2
b_r_industrial_automationmapp_vision< 5.26.15.26.1
b_r_industrial_automationscene_viewer< 4.4.04.4.0
b_r_industrial_automationserial_user_mode_touch_driver< 1.7.11.7.1
b_r_industrial_automationsram_driver< 1.2.01.2.0
b_r_industrial_automationtou0ch_lock< 2.1.02.1.0
b_r_industrial_automationvc4< 4.73.24.73.2
b_r_industrial_automationwindows_10_iot_enterprise_2019_ltsc<= 1.1
b_r_industrial_automationwindows_10_recovery_solution< 3.2.03.2.0
b_r_industrial_automationwindows_settings_changer< 3.2.03.2.0
b_r_industrial_automationwindows_settings_changer< 2.2.02.2.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.