CVE-2024-10490

Description

An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

Low

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

B&R Industrial Automation GmbH / B&R mapp Cockpit5.0;0 – 6.0;0
B&R Industrial Automation GmbH / B&R mapp Motion5.0 – 6.0
B&R Industrial Automation GmbH / B&R mapp Services5.0 – 6.0
B&R Industrial Automation GmbH / B&R mapp View5.0 – 6.0
B&R Industrial Automation GmbH / B&R mapp Vision5.0 – 6.0

References

MISChttps://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf