CVE-2023-1617

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.
This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ABBCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
br-automationvc4
𝑥
< 3.96.8
br-automationvc4
4.0.0 ≤
𝑥
≤ 4.06.4
br-automationvc4
4.10.0 ≤
𝑥
≤ 4.16.3
br-automationvc4
4.20.0 ≤
𝑥
≤ 4.26.8
br-automationvc4
4.30.0 ≤
𝑥
< 4.34.7
br-automationvc4
4.40.0 ≤
𝑥
≤ 4.45.1
br-automationvc4
4.50.0 ≤
𝑥
≤ 4.53.0
br-automationvc4
4.70.0 ≤
𝑥
< 4.73.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf
https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf