CVE-2024-2637 - Vulnerability Details

Vendors	Products
Br-automation	Automation Runtime Mapp Cockpit Mapp View Mapp Vision Scene Viewer Vc4

Link	Providers
https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf

Type	Values Removed	Values Added
First Time appeared		Br-automation Br-automation automation Runtime Br-automation mapp Cockpit Br-automation mapp View Br-automation mapp Vision Br-automation scene Viewer Br-automation vc4
CPEs		cpe:2.3:a:br-automation:automation_runtime:::::::: cpe:2.3:a:br-automation:mapp_cockpit:::::::: cpe:2.3:a:br-automation:mapp_view:::::::: cpe:2.3:a:br-automation:mapp_vision:::::::: cpe:2.3:a:br-automation:scene_viewer:::::::: cpe:2.3:a:br-automation:vc4::::::::
Vendors & Products		Br-automation Br-automation automation Runtime Br-automation mapp Cockpit Br-automation mapp View Br-automation mapp Vision Br-automation scene Viewer Br-automation vc4
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description	An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2.	An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2637", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2024-03-19T08:15:24.368Z", "datePublished": "2024-05-14T18:49:28.624Z", "dateUpdated": "2025-04-24T06:52:46.092Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Scene Viewer", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Automation Runtime", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "J4.93", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Vision", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.26.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp View", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Cockpit", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "mapp Safety", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.24.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VC4", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.73.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "APROL", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.4-01", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver CC770", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CAN Driver SJA1000", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Tou0ch Lock", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "B&R Single-Touch Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.0.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Serial User Mode Touch Driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.7.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows Settings Changer (LTSC)", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows Settings Changer (2019 LTSC)", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows 10 Recovery Solution", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI driver universal", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI Development Kit", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "5.5.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "ADI .NET SDK", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "4.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SRAM driver", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI Service Center", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "3.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "HMI Service Center Maintenance", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Windows 10 IoT Enterprise 2019 LTSC", "vendor": "B&R Industrial Automation", "versions": [{"lessThanOrEqual": "1.1", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "KCF Editor", "vendor": "B&R Industrial Automation", "versions": [{"lessThan": "1.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-04-02T18:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..<p>This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.</p>"}], "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0."}], "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-04-24T06:52:46.092Z"}, "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure Loading of Code in B&R Products", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "br-automation", "product": "scene_viewer", "cpes": ["cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.4.0", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "automation_runtime", "cpes": ["cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "j4.93", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_vision", "cpes": ["cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.26.1", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_view", "cpes": ["cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.24.2", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "mapp_cockpit", "cpes": ["cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.24.2", "versionType": "custom"}]}, {"vendor": "br-automation", "product": "vc4", "cpes": ["cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.73.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-14T19:33:12.195778Z", "id": "CVE-2024-2637", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T14:56:12.677Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.124Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:18:48.124Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2637", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-14T19:33:12.195778Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "scene_viewer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "automation_runtime", "versions": [{"status": "affected", "version": "0", "lessThan": "j4.93", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_vision", "versions": [{"status": "affected", "version": "0", "lessThan": "5.26.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_view", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "mapp_cockpit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*"], "vendor": "br-automation", "product": "vc4", "versions": [{"status": "affected", "version": "0", "lessThan": "4.73.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T19:44:57.892Z"}}], "cna": {"title": "Insecure Loading of Code in B&R Products", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-641", "descriptions": [{"lang": "en", "value": "CAPEC-641 DLL Side-Loading"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "B&R Industrial Automation", "product": "Scene Viewer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Automation Runtime", "versions": [{"status": "affected", "version": "0", "lessThan": "J4.93", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Vision", "versions": [{"status": "affected", "version": "0", "lessThan": "5.26.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp View", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Cockpit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "mapp Safety", "versions": [{"status": "affected", "version": "0", "lessThan": "5.24.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "VC4", "versions": [{"status": "affected", "version": "0", "lessThan": "4.73.2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "APROL", "versions": [{"status": "affected", "version": "0", "lessThan": "4.4-01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver CC770", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "CAN Driver SJA1000", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Tou0ch Lock", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "B&R Single-Touch Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Serial User Mode Touch Driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows Settings Changer (LTSC)", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows Settings Changer (2019 LTSC)", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows 10 Recovery Solution", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI driver universal", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI Development Kit", "versions": [{"status": "affected", "version": "0", "lessThan": "5.5.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "ADI .NET SDK", "versions": [{"status": "affected", "version": "0", "lessThan": "4.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "SRAM driver", "versions": [{"status": "affected", "version": "0", "lessThan": "1.2.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "HMI Service Center", "versions": [{"status": "affected", "version": "0", "lessThan": "3.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "HMI Service Center Maintenance", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "Windows 10 IoT Enterprise 2019 LTSC", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}, {"vendor": "B&R Industrial Automation", "product": "KCF Editor", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-02T18:50:00.000Z", "references": [{"url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.", "supportingMedia": [{"type": "text/html", "value": "An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..<p>This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2025-04-24T06:52:46.092Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2637", "state": "PUBLISHED", "dateUpdated": "2025-04-24T06:52:46.092Z", "dateReserved": "2024-03-19T08:15:24.368Z", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "datePublished": "2024-05-14T18:49:28.624Z", "assignerShortName": "ABB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0."}, {"lang": "es", "value": "Un atacante local autenticado que aprovechara con \u00e9xito esta vulnerabilidad podr\u00eda insertar y ejecutar c\u00f3digo arbitrario utilizando software leg\u00edtimo de B&R. Una vulnerabilidad de elemento de ruta de b\u00fasqueda no controlada en B&R Industrial Automation Scene Viewer, B&R Industrial Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 podr\u00eda permitir una autenticaci\u00f3n atacante local ejecute c\u00f3digo malicioso colocando archivos especialmente manipulados en la ruta de b\u00fasqueda de carga. Este problema afecta a Scene Viewer: antes de 4.4.0; Automation Runtime: antes de J4.93; mapp Vision: antes de 5.26.1; mapp View: antes de 5.24.2; Cockpit mapp: antes de 5.24.2; mapp Safety: antes de 5.24.2; VC4: antes de 4.73.2."}], "id": "CVE-2024-2637", "lastModified": "2025-04-24T07:15:29.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 6.0, "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}, "published": "2024-05-14T19:15:10.230", "references": [{"source": "cybersecurity@ch.abb.com", "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"}], "sourceIdentifier": "cybersecurity@ch.abb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cybersecurity@ch.abb.com", "type": "Secondary"}]}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object