7.8
CVE-2020-24682
- EPSS 0.05%
- Veröffentlicht 02.02.2024 08:15:45
- Zuletzt bearbeitet 21.11.2024 05:15:45
- Quelle cybersecurity@ch.abb.com
- CVE-Watchlists
- Unerledigt
LoginUnquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Br-automation ≫ Automation Studio Version < 4.7.7.74
Br-automation ≫ Automation Studio Version >= 4.8 < 4.8.6.30
Br-automation ≫ Automation Studio Version >= 4.9 < 4.9.4.92
Br-automation ≫ Automation Net/pvi Version >= 4.0 < 4.7.7
Br-automation ≫ Automation Net/pvi Version >= 4.8 < 4.8.6
Br-automation ≫ Automation Net/pvi Version >= 4.9 < 4.9.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cybersecurity@ch.abb.com | 7.2 | 0.6 | 6 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
|
CWE-428 Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.