PT-2023-4115 · B&R Industrial Automation · B&R Automation Runtime

Published: 2023-07-26 · Updated: 2024-05-27 · CVE-2023-3242

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to G4.93

Description: The issue stems from an improper initialization implementation in the Portmapper service used by B&R Industrial Automation Automation Runtime. An unauthenticated network-based attacker can exploit it to cause a permanent denial-of-service condition, potentially by sending SYN requests. The vulnerability can also be leveraged to allocate resources without limits or throttling, leading to flooding and enabling race conditions.

Recommendations: For versions prior to G4.93, update to version G4.93 or later to resolve the issue. As a temporary workaround, restrict network access to the Portmapper service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Allocation of Resources Without Limits
Improper Initialization

Related Identifiers

BDU:2023-04424
CVE-2023-3242

Affected Products

B&R Automation Runtime