Vulnerability Details CVE-2023-1617
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization.
This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-1617
-
cpe:2.3:a:br-automation:vc4:-
-
cpe:2.3:a:br-automation:vc4:3.96.7
-
cpe:2.3:a:br-automation:vc4:4.0.0
-
cpe:2.3:a:br-automation:vc4:4.06.4
-
cpe:2.3:a:br-automation:vc4:4.10.0
-
cpe:2.3:a:br-automation:vc4:4.16.3
-
cpe:2.3:a:br-automation:vc4:4.20.0
-
cpe:2.3:a:br-automation:vc4:4.26.8
-
cpe:2.3:a:br-automation:vc4:4.30.0
-
cpe:2.3:a:br-automation:vc4:4.34.6
-
cpe:2.3:a:br-automation:vc4:4.40.0
-
cpe:2.3:a:br-automation:vc4:4.45.1
-
cpe:2.3:a:br-automation:vc4:4.50.0
-
cpe:2.3:a:br-automation:vc4:4.53.0
-
cpe:2.3:a:br-automation:vc4:4.70.0
-
cpe:2.3:a:br-automation:vc4:4.72.9