PT-2024-16313 · B&R · B&R Mapp Motion+5

Published: 2024-12-02 · Updated: 2024-12-02 · CVE-2024-10490

CVSS v4.0: 8.4 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

B&R mapp Cockpit versions prior to 6.0
B&R mapp View versions prior to 6.0
B&R mapp Services versions prior to 6.0
B&R mapp Motion versions prior to 6.0
B&R mapp Vision versions prior to 6.0

Description

An "Authentication Bypass Using an Alternate Path or Channel" issue in the OPC UA Server configuration may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected when mpUserX or mpCodeBox are used in the Automation Studio project.

Recommendations

For B&R mapp Cockpit versions prior to 6.0, update to version 6.0 or later.
For B&R mapp View versions prior to 6.0, update to version 6.0 or later.
For B&R mapp Services versions prior to 6.0, update to version 6.0 or later, and consider removing mpUserX and mpCodeBox from the Automation Studio project if they are not necessary.
For B&R mapp Motion versions prior to 6.0, update to version 6.0 or later.
For B&R mapp Vision versions prior to 6.0, update to version 6.0 or later.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers

CVE-2024-10490

Affected Products

Automation Studio
B&R Mapp Cockpit
B&R Mapp Motion
B&R Mapp Services
B&R Mapp View
B&R Mapp Vision