CVE-2024-0220 HIGH

CVE-2024-0220: B&R products use insufficient communication encryption

Vendor: B&R Industrial Automation
Product: Automation Studio
Weakness: CWE-1240
Published: February 22, 2024
Last update: September 19, 2024

CVSS base score

8.3/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.

Key dates

02 Disclosure timeline

February 22, 2024: CVE published
September 19, 2024: Record updated