CVE-2023-1617

Published Apr 14, 2023

Last updated 2 years ago

Overview

Description: Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
Source: cybersecurity@ch.abb.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-287
cybersecurity@ch.abb.com: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C94CCB17-792C-4B9E-9EB2-5AC0888CF3DB",
            "versionEndExcluding": "3.96.8"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96C5BD56-2064-4219-970C-8AEDA8F85D20",
            "versionEndIncluding": "4.06.4",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF05318D-11E2-40D4-9556-8A83D0B6ABEB",
            "versionEndIncluding": "4.16.3",
            "versionStartIncluding": "4.10.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "115D84EC-19BD-4CAD-9BAD-6FE9A56E14A1",
            "versionEndIncluding": "4.26.8",
            "versionStartIncluding": "4.20.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B28066C3-3BF0-4D87-B847-7DA3F126E39F",
            "versionEndExcluding": "4.34.7",
            "versionStartIncluding": "4.30.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C048F8F-7D8F-4CC3-91F9-631A3F96A533",
            "versionEndIncluding": "4.45.1",
            "versionStartIncluding": "4.40.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A56A6BDA-4BC1-4D06-98F2-8CE089F07E3D",
            "versionEndIncluding": "4.53.0",
            "versionStartIncluding": "4.50.0"
          },
          {
            "criteria": "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E56F00F-57F9-407E-92A4-E03CDD074522",
            "versionEndExcluding": "4.73.0",
            "versionStartIncluding": "4.70.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References