{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2637", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-03-19T08:15:24.368Z", "datePublished": "2024-05-14T18:49:28.624Z", "dateUpdated": "2025-04-24T06:52:46.092Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Scene Viewer", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Automation Runtime", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "J4.93", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Vision", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.26.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp View", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Cockpit", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Safety", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VC4", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.73.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "APROL", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.4-01", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver CC770", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver SJA1000", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Tou0ch Lock", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "B&R Single-Touch Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Serial User Mode Touch Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.7.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows Settings Changer (LTSC)", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows Settings Changer (2019 LTSC)", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows 10 Recovery Solution", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI driver universal", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI Development Kit", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.5.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI .NET SDK", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SRAM driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI Service Center", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI Service Center Maintenance", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows 10 IoT Enterprise 2019 LTSC", "vendor": "B&R Industrial Automation", "versions": [{"lessThanOrEqual": "1.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "KCF Editor", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-04-02T18:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Uncontrolled Search Path Element vulnerability&nbsp;in B&amp;R Industrial Automation Scene Viewer, B&amp;R Industrial Automation Automation Runtime, B&amp;R Industrial Automation mapp Vision, B&amp;R Industrial Automation mapp View, B&amp;R Industrial Automation mapp Cockpit, B&amp;R Industrial Automation mapp Safety, B&amp;R Industrial Automation VC4, B&amp;R Industrial Automation APROL, B&amp;R Industrial Automation CAN Driver, B&amp;R Industrial Automation CAN Driver CC770, B&amp;R Industrial Automation CAN Driver SJA1000, B&amp;R Industrial Automation Tou0ch Lock, B&amp;R Industrial Automation B&amp;R Single-Touch Driver, B&amp;R Industrial Automation Serial User Mode Touch Driver, B&amp;R Industrial Automation Windows Settings Changer (LTSC), B&amp;R Industrial Automation Windows Settings Changer (2019 LTSC), B&amp;R Industrial Automation Windows 10 Recovery Solution, B&amp;R Industrial Automation ADI driver universal, B&amp;R Industrial Automation ADI Development Kit, B&amp;R Industrial Automation ADI .NET SDK, B&amp;R Industrial Automation SRAM driver, B&amp;R Industrial Automation HMI Service Center, B&amp;R Industrial Automation HMI Service Center Maintenance, B&amp;R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&amp;R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..<p>This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&amp;R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.</p>"}], "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0."}], "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-04-24T06:52:46.092Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure Loading of Code in B&R Products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "br-automation", "product": "scene_viewer", "cpes": ["cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.4.0", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "automation_runtime", "cpes": ["cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "j4.93", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_vision", "cpes": ["cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.26.1", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_view", "cpes": ["cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.24.2", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_cockpit", "cpes": ["cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.24.2", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "vc4", "cpes": ["cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.73.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T19:33:12.195778Z", "id": "CVE-2024-2637", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T14:56:12.677Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.124Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.124Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:12.195778Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "scene_viewer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "automation_runtime", "versions": [{"status": "affected", "version": "0", "lessThan": "j4.93", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_vision", "versions": [{"status": "affected", "version": "0", "lessThan": "5.26.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_view", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_cockpit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "vc4", "versions": [{"status": "affected", "version": "0", "lessThan": "4.73.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:44:57.892Z"}}], "cna": {"title": "Insecure Loading of Code in B&R Products", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "B&R Industrial Automation", "product": "Scene Viewer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Automation Runtime", "versions": [{"status": "affected", "version": "0", "lessThan": "J4.93", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Vision", "versions": [{"status": "affected", "version": "0", "lessThan": "5.26.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp View", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Cockpit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Safety", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "VC4", "versions": [{"status": "affected", "version": "0", "lessThan": "4.73.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "APROL", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4-01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver CC770", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver SJA1000", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Tou0ch Lock", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "B&R Single-Touch Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Serial User Mode Touch Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows Settings Changer (LTSC)", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows Settings Changer (2019 LTSC)", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows 10 Recovery Solution", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI driver universal", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI Development Kit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI .NET SDK", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "SRAM driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "HMI Service Center", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "HMI Service Center Maintenance", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows 10 IoT Enterprise 2019 LTSC", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "KCF Editor", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-02T18:50:00.000Z", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.", "supportingMedia": [{"type": "text/html", "value": "An Uncontrolled Search Path Element vulnerability&nbsp;in B&amp;R Industrial Automation Scene Viewer, B&amp;R Industrial Automation Automation Runtime, B&amp;R Industrial Automation mapp Vision, B&amp;R Industrial Automation mapp View, B&amp;R Industrial Automation mapp Cockpit, B&amp;R Industrial Automation mapp Safety, B&amp;R Industrial Automation VC4, B&amp;R Industrial Automation APROL, B&amp;R Industrial Automation CAN Driver, B&amp;R Industrial Automation CAN Driver CC770, B&amp;R Industrial Automation CAN Driver SJA1000, B&amp;R Industrial Automation Tou0ch Lock, B&amp;R Industrial Automation B&amp;R Single-Touch Driver, B&amp;R Industrial Automation Serial User Mode Touch Driver, B&amp;R Industrial Automation Windows Settings Changer (LTSC), B&amp;R Industrial Automation Windows Settings Changer (2019 LTSC), B&amp;R Industrial Automation Windows 10 Recovery Solution, B&amp;R Industrial Automation ADI driver universal, B&amp;R Industrial Automation ADI Development Kit, B&amp;R Industrial Automation ADI .NET SDK, B&amp;R Industrial Automation SRAM driver, B&amp;R Industrial Automation HMI Service Center, B&amp;R Industrial Automation HMI Service Center Maintenance, B&amp;R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&amp;R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..<p>This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&amp;R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-04-24T06:52:46.092Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2637", "state": "PUBLISHED", "dateUpdated": "2025-04-24T06:52:46.092Z", "dateReserved": "2024-03-19T08:15:24.368Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-05-14T18:49:28.624Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0."}, {"lang": "es", "value": "Un atacante local autenticado que aprovechara con \u00e9xito esta vulnerabilidad podr\u00eda insertar y ejecutar c\u00f3digo arbitrario utilizando software leg\u00edtimo de B&amp;R. Una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada en B&amp;R Industrial Automation Scene Viewer, B&amp;R Industrial Automation Runtime, B&amp;R Industrial Automation mapp Vision, B&amp;R Industrial Automation mapp View, B&amp;R Industrial Automation mapp Cockpit, B&amp;R Industrial Automation mapp Safety, B&amp;R Industrial Automation VC4 podr\u00eda permitir una autenticaci\u00f3n atacante local ejecute c\u00f3digo malicioso colocando archivos especialmente manipulados en la ruta de b\u00fasqueda de carga. Este problema afecta a Scene Viewer: antes de 4.4.0; Automation Runtime: antes de J4.93; mapp Vision: antes de 5.26.1; mapp View: antes de 5.24.2; Cockpit mapp: antes de 5.24.2; mapp Safety: antes de 5.24.2; VC4: antes de 4.73.2."}], "id": "CVE-2024-2637", "lastModified": "2025-04-24T07:15:29.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 6.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-05-14T19:15:10.230", "references": [{"source": "cybersecurity@ch.abb.com", "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}

{}

{}