CVE-2024-2637 (GCVE-0-2024-2637)

Vulnerability from cvelistv5 – Published: 2024-05-14 18:49 – Updated: 2025-04-24 06:52
Summary
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path. This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.
CWE
  • CWE-427 - Uncontrolled Search Path Element
Assigner
ABB
Impacted products
| Vendor | Product | Version |
|---|---|---|
| B&R Industrial Automation | Scene Viewer | Affected: 0, < 4.4.0 (custom) |
| B&R Industrial Automation | Automation Runtime | Affected: 0, < J4.93 (custom) |
| B&R Industrial Automation | mapp Vision | Affected: 0, < 5.26.1 (custom) |
| B&R Industrial Automation | mapp View | Affected: 0, < 5.24.2 (custom) |
| B&R Industrial Automation | mapp Cockpit | Affected: 0, < 5.24.2 (custom) |
| B&R Industrial Automation | mapp Safety | Affected: 0, < 5.24.2 (custom) |
| B&R Industrial Automation | VC4 | Affected: 0, < 4.73.2 (custom) |
| B&R Industrial Automation | APROL | Affected: 0, < 4.4-01 (custom) |
| B&R Industrial Automation | CAN Driver | Affected: 0, < 1.1.0 (custom) |
| B&R Industrial Automation | CAN Driver CC770 | Affected: 0, < 3.3.0 (custom) |
| B&R Industrial Automation | CAN Driver SJA1000 | Affected: 0, < 1.3.0 (custom) |
| B&R Industrial Automation | Tou0ch Lock | Affected: 0, < 2.1.0 (custom) |
| B&R Industrial Automation | B&R Single-Touch Driver | Affected: 0, < 2.0.0 (custom) |
| B&R Industrial Automation | Serial User Mode Touch Driver | Affected: 0, < 1.7.1 (custom) |
| B&R Industrial Automation | Windows Settings Changer (LTSC) | Affected: 0, < 3.2.0 (custom) |
| B&R Industrial Automation | Windows Settings Changer (2019 LTSC) | Affected: 0, < 2.2.0 (custom) |
| B&R Industrial Automation | Windows 10 Recovery Solution | Affected: 0, < 3.2.0 (custom) |
| B&R Industrial Automation | ADI driver universal | Affected: 0, < 3.2.0 (custom) |
| B&R Industrial Automation | ADI Development Kit | Affected: 0, < 5.5.0 (custom) |
| B&R Industrial Automation | ADI .NET SDK | Affected: 0, < 4.1.0 (custom) |
| B&R Industrial Automation | SRAM driver | Affected: 0, < 1.2.0 (custom) |
| B&R Industrial Automation | HMI Service Center | Affected: 0, < 3.1.0 (custom) |
| B&R Industrial Automation | HMI Service Center Maintenance | Affected: 0, < 2.1.0 (custom) |
| B&R Industrial Automation | Windows 10 IoT Enterprise 2019 LTSC | Affected: 0, ≤ 1.1 (custom) |
| B&R Industrial Automation | KCF Editor | Affected: 0, < 1.1.0 (custom) |

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "scene_viewer",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "4.4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "automation_runtime",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "j4.93",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mapp_vision",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "5.26.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mapp_view",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "5.24.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mapp_cockpit",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "5.24.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vc4",
            "vendor": "br-automation",
            "versions": [
              {
                "lessThan": "4.73.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2637",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-14T19:33:12.195778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T14:56:12.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:48.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Scene Viewer",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "4.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Automation Runtime",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "J4.93",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mapp Vision",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "5.26.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mapp View",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "5.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mapp Cockpit",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "5.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mapp Safety",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "5.24.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VC4",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "4.73.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "APROL",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "4.4-01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CAN Driver",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CAN Driver CC770",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CAN Driver SJA1000",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Tou0ch Lock",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "2.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "B\u0026R Single-Touch Driver",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Serial User Mode Touch Driver",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "1.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Windows Settings Changer (LTSC)",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Windows Settings Changer (2019 LTSC)",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "2.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Windows 10 Recovery Solution",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADI driver universal",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "3.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADI Development Kit",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "5.5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ADI .NET SDK",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "SRAM driver",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "1.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HMI Service Center",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "3.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "HMI Service Center Maintenance",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "2.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Windows 10 IoT Enterprise 2019 LTSC",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThanOrEqual": "1.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "KCF Editor",
          "vendor": "B\u0026R Industrial Automation",
          "versions": [
            {
              "lessThan": "1.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-04-02T18:50:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Uncontrolled Search Path Element vulnerability\u0026nbsp;in B\u0026amp;R Industrial Automation Scene Viewer, B\u0026amp;R Industrial Automation Automation Runtime, B\u0026amp;R Industrial Automation mapp Vision, B\u0026amp;R Industrial Automation mapp View, B\u0026amp;R Industrial Automation mapp Cockpit, B\u0026amp;R Industrial Automation mapp Safety, B\u0026amp;R Industrial Automation VC4, B\u0026amp;R Industrial Automation APROL, B\u0026amp;R Industrial Automation CAN Driver, B\u0026amp;R Industrial Automation CAN Driver CC770, B\u0026amp;R Industrial Automation CAN Driver SJA1000, B\u0026amp;R Industrial Automation Tou0ch Lock, B\u0026amp;R Industrial Automation B\u0026amp;R Single-Touch Driver, B\u0026amp;R Industrial Automation Serial User Mode Touch Driver, B\u0026amp;R Industrial Automation Windows Settings Changer (LTSC), B\u0026amp;R Industrial Automation Windows Settings Changer (2019 LTSC), B\u0026amp;R Industrial Automation Windows 10 Recovery Solution, B\u0026amp;R Industrial Automation ADI driver universal, B\u0026amp;R Industrial Automation ADI Development Kit, B\u0026amp;R Industrial Automation ADI .NET SDK, B\u0026amp;R Industrial Automation SRAM driver, B\u0026amp;R Industrial Automation HMI Service Center, B\u0026amp;R Industrial Automation HMI Service Center Maintenance, B\u0026amp;R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B\u0026amp;R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..\u003cp\u003eThis issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B\u0026amp;R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.\u003c/p\u003e"
            }
          ],
          "value": "An Uncontrolled Search Path Element vulnerability\u00a0in B\u0026R Industrial Automation Scene Viewer, B\u0026R Industrial Automation Automation Runtime, B\u0026R Industrial Automation mapp Vision, B\u0026R Industrial Automation mapp View, B\u0026R Industrial Automation mapp Cockpit, B\u0026R Industrial Automation mapp Safety, B\u0026R Industrial Automation VC4, B\u0026R Industrial Automation APROL, B\u0026R Industrial Automation CAN Driver, B\u0026R Industrial Automation CAN Driver CC770, B\u0026R Industrial Automation CAN Driver SJA1000, B\u0026R Industrial Automation Tou0ch Lock, B\u0026R Industrial Automation B\u0026R Single-Touch Driver, B\u0026R Industrial Automation Serial User Mode Touch Driver, B\u0026R Industrial Automation Windows Settings Changer (LTSC), B\u0026R Industrial Automation Windows Settings Changer (2019 LTSC), B\u0026R Industrial Automation Windows 10 Recovery Solution, B\u0026R Industrial Automation ADI driver universal, B\u0026R Industrial Automation ADI Development Kit, B\u0026R Industrial Automation ADI .NET SDK, B\u0026R Industrial Automation SRAM driver, B\u0026R Industrial Automation HMI Service Center, B\u0026R Industrial Automation HMI Service Center Maintenance, B\u0026R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B\u0026R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B\u0026R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-641",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-641 DLL Side-Loading"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T06:52:46.092Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Loading of Code in B\u0026R Products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-2637",
    "datePublished": "2024-05-14T18:49:28.624Z",
    "dateReserved": "2024-03-19T08:15:24.368Z",
    "dateUpdated": "2025-04-24T06:52:46.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
\"mapp_cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.24.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:*\"], \"vendor\": \"br-automation\", \"product\": \"vc4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.73.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-14T19:44:57.892Z\"}}], \"cna\": {\"title\": \"Insecure Loading of Code in B\u0026R Products\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-641\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-641 DLL Side-Loading\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Scene Viewer\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Automation Runtime\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"J4.93\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"mapp Vision\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": 
\"5.26.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"mapp View\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.24.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"mapp Cockpit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.24.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"mapp Safety\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.24.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"VC4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.73.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"APROL\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.4-01\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"CAN Driver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"CAN Driver CC770\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"CAN Driver SJA1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", 
\"product\": \"Tou0ch Lock\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"B\u0026R Single-Touch Driver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Serial User Mode Touch Driver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.7.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Windows Settings Changer (LTSC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Windows Settings Changer (2019 LTSC)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Windows 10 Recovery Solution\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"ADI driver universal\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"ADI Development Kit\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"ADI 
.NET SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"SRAM driver\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"HMI Service Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"3.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"HMI Service Center Maintenance\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"Windows 10 IoT Enterprise 2019 LTSC\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"B\u0026R Industrial Automation\", \"product\": \"KCF Editor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-04-02T18:50:00.000Z\", \"references\": [{\"url\": \"https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Uncontrolled Search Path Element vulnerability\\u00a0in B\u0026R Industrial Automation Scene Viewer, B\u0026R Industrial Automation Automation Runtime, B\u0026R Industrial Automation mapp Vision, B\u0026R Industrial Automation mapp View, B\u0026R Industrial Automation mapp Cockpit, B\u0026R Industrial Automation mapp Safety, B\u0026R 
Industrial Automation VC4, B\u0026R Industrial Automation APROL, B\u0026R Industrial Automation CAN Driver, B\u0026R Industrial Automation CAN Driver CC770, B\u0026R Industrial Automation CAN Driver SJA1000, B\u0026R Industrial Automation Tou0ch Lock, B\u0026R Industrial Automation B\u0026R Single-Touch Driver, B\u0026R Industrial Automation Serial User Mode Touch Driver, B\u0026R Industrial Automation Windows Settings Changer (LTSC), B\u0026R Industrial Automation Windows Settings Changer (2019 LTSC), B\u0026R Industrial Automation Windows 10 Recovery Solution, B\u0026R Industrial Automation ADI driver universal, B\u0026R Industrial Automation ADI Development Kit, B\u0026R Industrial Automation ADI .NET SDK, B\u0026R Industrial Automation SRAM driver, B\u0026R Industrial Automation HMI Service Center, B\u0026R Industrial Automation HMI Service Center Maintenance, B\u0026R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B\u0026R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B\u0026R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.\", 
\"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Uncontrolled Search Path Element vulnerability\u0026nbsp;in B\u0026amp;R Industrial Automation Scene Viewer, B\u0026amp;R Industrial Automation Automation Runtime, B\u0026amp;R Industrial Automation mapp Vision, B\u0026amp;R Industrial Automation mapp View, B\u0026amp;R Industrial Automation mapp Cockpit, B\u0026amp;R Industrial Automation mapp Safety, B\u0026amp;R Industrial Automation VC4, B\u0026amp;R Industrial Automation APROL, B\u0026amp;R Industrial Automation CAN Driver, B\u0026amp;R Industrial Automation CAN Driver CC770, B\u0026amp;R Industrial Automation CAN Driver SJA1000, B\u0026amp;R Industrial Automation Tou0ch Lock, B\u0026amp;R Industrial Automation B\u0026amp;R Single-Touch Driver, B\u0026amp;R Industrial Automation Serial User Mode Touch Driver, B\u0026amp;R Industrial Automation Windows Settings Changer (LTSC), B\u0026amp;R Industrial Automation Windows Settings Changer (2019 LTSC), B\u0026amp;R Industrial Automation Windows 10 Recovery Solution, B\u0026amp;R Industrial Automation ADI driver universal, B\u0026amp;R Industrial Automation ADI Development Kit, B\u0026amp;R Industrial Automation ADI .NET SDK, B\u0026amp;R Industrial Automation SRAM driver, B\u0026amp;R Industrial Automation HMI Service Center, B\u0026amp;R Industrial Automation HMI Service Center Maintenance, B\u0026amp;R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B\u0026amp;R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..\u003cp\u003eThis issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; 
B\u0026amp;R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427 Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"shortName\": \"ABB\", \"dateUpdated\": \"2025-04-24T06:52:46.092Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-2637\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T06:52:46.092Z\", \"dateReserved\": \"2024-03-19T08:15:24.368Z\", \"assignerOrgId\": \"2b718523-d88f-4f37-9bbd-300c20644bf9\", \"datePublished\": \"2024-05-14T18:49:28.624Z\", \"assignerShortName\": \"ABB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

