Vulnerabilities > CVE-2024-0323 - Use of a Risky Cryptographic Primitive vulnerability in Br-Automation Automation Runtime

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

br-automation

CWE-1240

critical

NVD

Published: 2024-02-05

Updated: 2024-09-06

Summary

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.

Vulnerable Configurations

Part	Description	Count
Application	Br-Automation BR Automation Automation Runtime 2.96 BR Automation Automation Runtime 3.00 BR Automation Automation Runtime 3.01 BR Automation Automation Runtime 3.06 BR Automation Automation Runtime 3.07 BR Automation Automation Runtime 3.08 BR Automation Automation Runtime 3.10 BR Automation Automation Runtime 4.00 BR Automation Automation Runtime 4.03 BR Automation Automation Runtime 4.04 BR Automation Automation Runtime 4.10 BR Automation Automation Runtime 4.20 BR Automation Automation Runtime 4.30 BR Automation Automation Runtime 4.40 BR Automation Automation Runtime 4.50 BR Automation Automation Runtime 4.60 BR Automation Automation Runtime 4.63 BR Automation Automation Runtime 4.70 BR Automation Automation Runtime 4.72 BR Automation Automation Runtime A4.73 BR Automation Automation Runtime D4.63 BR Automation Automation Runtime E4.53 BR Automation Automation Runtime F4.45 BR Automation Automation Runtime G4.93 BR Automation Automation Runtime I4.93	25

Common Weakness Enumeration (CWE)

CWE-1240 - Use of a Risky Cryptographic Primitive

References

https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf