CVE-2023-1617
CVSS V2 None
CVSS V3 None
Description
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.
This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
Overview
- CVE ID
- CVE-2023-1617
- Assigner
- cybersecurity@ch.abb.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-04-14T12:15:07
- Last Modified Date
- 2023-04-24T13:21:35
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 3.96.8 | |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.0.0 | 4.06.4 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.10.0 | 4.16.3 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.20.0 | 4.26.8 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.30.0 | 4.34.7 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.40.0 | 4.45.1 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.50.0 | 4.53.0 |
| cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* | 1 | OR | 4.70.0 | 4.73.0 |
References
| Reference URL | Reference Tags |
|---|---|
| https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-1617 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1617 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 04:43:13 | Added to TrackCVE | |||
| 2023-04-17 04:43:15 | Weakness Enumeration | new | ||
| 2023-04-20 14:00:57 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-04-24 14:00:51 | 2023-04-24T13:21:35 | CVE Modified Date | updated | |
| 2023-04-24 14:00:51 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-04-24 14:00:57 | CPE Information | updated |