CVE-2024-0220
B&R products use insufficient communication encryption
In short
B&R Automation Studio and Technology Guarding products use weak encryption when communicating with their servers, allowing attackers on the network to intercept sensitive information or inject malicious code.
Technical detail
Insufficient cryptographic strength in client-server communication (CWE-319) enables network-based adversaries to perform man-in-the-middle attacks, potentially leading to credential theft, arbitrary code execution (CWE-94), or service compromise. The vulnerability affects the upgrade and licensing channels, which lack proper authentication or encryption mechanisms.
Summary generated and translated by AI from the official description.
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
B&R Industrial Automation · Automation Studio
B&R Industrial Automation · Technology Guarding