Description
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- B&R Industrial Automation / B&R VC43.* – 3.96.7
- B&R Industrial Automation / B&R VC44.0* – 4.06.7
- B&R Industrial Automation / B&R VC44.1* – 4.16.3
- B&R Industrial Automation / B&R VC44.2* – 4.26.8
- B&R Industrial Automation / B&R VC44.3* – 4.34.6
- B&R Industrial Automation / B&R VC44.4* – 4.45.1
- B&R Industrial Automation / B&R VC44.5* – 4.45.3
- B&R Industrial Automation / B&R VC44.7* – 4.72.9