CVE-2024-2637

Insecure Loading of Code in B&R Products

Description

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Touch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path. This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Touch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.

Category

CVSS 3.1 score: 7.2
Severity: High
EPSS: 0.02%
Affected: B&R Industrial Automation Scene Viewer
Affected: B&R Industrial Automation Automation Runtime
Affected: B&R Industrial Automation mapp Vision
Affected: B&R Industrial Automation mapp View
Affected: B&R Industrial Automation mapp Cockpit
Affected: B&R Industrial Automation mapp Safety
Affected: B&R Industrial Automation VC4
Affected: B&R Industrial Automation APROL
Affected: B&R Industrial Automation CAN Driver
Affected: B&R Industrial Automation CAN Driver CC770
Affected: B&R Industrial Automation CAN Driver SJA1000
Affected: B&R Industrial Automation Touch Lock
Affected: B&R Industrial Automation B&R Single-Touch Driver
Affected: B&R Industrial Automation Serial User Mode Touch Driver
Affected: B&R Industrial Automation Windows Settings Changer (LTSC)
Affected: B&R Industrial Automation Windows Settings Changer (2019 LTSC)
Affected: B&R Industrial Automation Windows 10 Recovery Solution
Affected: B&R Industrial Automation ADI driver universal
Affected: B&R Industrial Automation ADI Development Kit
Affected: B&R Industrial Automation ADI .NET SDK
Affected: B&R Industrial Automation SRAM driver
Affected: B&R Industrial Automation HMI Service Center
Affected: B&R Industrial Automation HMI Service Center Maintenance
Affected: B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC
Affected: B&R Industrial Automation KCF Editor

Frequently Asked Questions

What is the severity of CVE-2024-2637?
CVE-2024-2637 has been scored as a high severity vulnerability.
How to fix CVE-2024-2637?
To fix CVE-2024-2637, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2024-2637 being actively exploited in the wild?
For now, there is no information to confirm that CVE-2024-2637 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-2637?
CVE-2024-2637 affects B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Touch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.