CVE-2024-5800

EPSS 0.1%
Veröffentlicht 12.08.2024 13:38:38
Zuletzt bearbeitet 19.12.2025 14:51:31
Quelle cybersecurity@ch.abb.com
CVE-Watchlists
Login
Unerledigt
Login

Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Br-automation ≫ Automation Runtime Version < 6.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.272

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cybersecurity@ch.abb.com	8.3	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.br-automation.com/fileadmin/SA24P011-d8aaf02f.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5800

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-5800