Vulnerability Details CVE-2024-0323
The FTP server used on the B&R
Automation Runtime supports unsecure encryption mechanisms, such as SSLv3,
TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct
man-in-the-middle attacks or to decrypt communications between the affected product
clients.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-0323
-
cpe:2.3:a:br-automation:automation_runtime:2.96
-
cpe:2.3:a:br-automation:automation_runtime:3.00
-
cpe:2.3:a:br-automation:automation_runtime:3.01
-
cpe:2.3:a:br-automation:automation_runtime:3.06
-
cpe:2.3:a:br-automation:automation_runtime:3.07
-
cpe:2.3:a:br-automation:automation_runtime:3.08
-
cpe:2.3:a:br-automation:automation_runtime:3.10
-
cpe:2.3:a:br-automation:automation_runtime:4.00
-
cpe:2.3:a:br-automation:automation_runtime:4.03
-
cpe:2.3:a:br-automation:automation_runtime:4.04
-
cpe:2.3:a:br-automation:automation_runtime:4.10
-
cpe:2.3:a:br-automation:automation_runtime:4.20
-
cpe:2.3:a:br-automation:automation_runtime:4.30
-
cpe:2.3:a:br-automation:automation_runtime:4.40
-
cpe:2.3:a:br-automation:automation_runtime:4.50
-
cpe:2.3:a:br-automation:automation_runtime:4.60
-
cpe:2.3:a:br-automation:automation_runtime:4.63
-
cpe:2.3:a:br-automation:automation_runtime:4.70
-
cpe:2.3:a:br-automation:automation_runtime:4.72
-
cpe:2.3:a:br-automation:automation_runtime:a4.73
-
cpe:2.3:a:br-automation:automation_runtime:d4.63
-
cpe:2.3:a:br-automation:automation_runtime:e4.53
-
cpe:2.3:a:br-automation:automation_runtime:f4.45
-
cpe:2.3:a:br-automation:automation_runtime:g4.93
-
cpe:2.3:a:br-automation:automation_runtime:i4.93