B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.
References
Configurations
No configuration.
History
22 Feb 2024, 19:07
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Feb 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-22 11:15
Updated : 2024-02-22 19:07
NVD link : CVE-2024-0220
Mitre link : CVE-2024-0220
CVE.ORG link : CVE-2024-0220
JSON object : View
Products Affected
No product.