Description
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| B&R Industrial Automation | Scene Viewer | unaffected |
|
||||||
| B&R Industrial Automation | Automation Runtime | unaffected |
|
||||||
| B&R Industrial Automation | mapp Vision | unaffected |
|
||||||
| B&R Industrial Automation | mapp View | unaffected |
|
||||||
| B&R Industrial Automation | mapp Cockpit | unaffected |
|
||||||
| B&R Industrial Automation | mapp Safety | unaffected |
|
||||||
| B&R Industrial Automation | VC4 | unaffected |
|
||||||
| B&R Industrial Automation | APROL | unaffected |
|
||||||
| B&R Industrial Automation | CAN Driver | unaffected |
|
||||||
| B&R Industrial Automation | CAN Driver CC770 | unaffected |
|
||||||
| B&R Industrial Automation | CAN Driver SJA1000 | unaffected |
|
||||||
| B&R Industrial Automation | Tou0ch Lock | unaffected |
|
||||||
| B&R Industrial Automation | B&R Single-Touch Driver | unaffected |
|
||||||
| B&R Industrial Automation | Serial User Mode Touch Driver | unaffected |
|
||||||
| B&R Industrial Automation | Windows Settings Changer (LTSC) | unaffected |
|
||||||
| B&R Industrial Automation | Windows Settings Changer (2019 LTSC) | unaffected |
|
||||||
| B&R Industrial Automation | Windows 10 Recovery Solution | unaffected |
|
||||||
| B&R Industrial Automation | ADI driver universal | unaffected |
|
||||||
| B&R Industrial Automation | ADI Development Kit | unaffected |
|
||||||
| B&R Industrial Automation | ADI .NET SDK | unaffected |
|
||||||
| B&R Industrial Automation | SRAM driver | unaffected |
|
||||||
| B&R Industrial Automation | HMI Service Center | unaffected |
|
||||||
| B&R Industrial Automation | HMI Service Center Maintenance | unaffected |
|
||||||
| B&R Industrial Automation | Windows 10 IoT Enterprise 2019 LTSC | unaffected |
|
||||||
| B&R Industrial Automation | KCF Editor | unaffected |
|
No data.
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-27586 | An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0. |
References
History
Thu, 24 Apr 2025 07:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Br-automation
Br-automation automation Runtime Br-automation mapp Cockpit Br-automation mapp View Br-automation mapp Vision Br-automation scene Viewer Br-automation vc4 |
|
| CPEs | cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:* cpe:2.3:a:br-automation:mapp_cockpit:*:*:*:*:*:*:*:* cpe:2.3:a:br-automation:mapp_view:*:*:*:*:*:*:*:* cpe:2.3:a:br-automation:mapp_vision:*:*:*:*:*:*:*:* cpe:2.3:a:br-automation:scene_viewer:*:*:*:*:*:*:*:* cpe:2.3:a:br-automation:vc4:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Br-automation
Br-automation automation Runtime Br-automation mapp Cockpit Br-automation mapp View Br-automation mapp Vision Br-automation scene Viewer Br-automation vc4 |
|
| Metrics |
ssvc
|
Thu, 24 Apr 2025 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4 could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2. | An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0. |
MITRE
Status: PUBLISHED
Assigner: ABB
Published:
Updated: 2025-04-24T06:52:46.092Z
Reserved: 2024-03-19T08:15:24.368Z
Link: CVE-2024-2637
Vulnrichment
Updated: 2024-08-01T19:18:48.124Z
NVD
Status : Deferred
Published: 2024-05-14T19:15:10.230
Modified: 2026-04-15T00:35:42.020
Link: CVE-2024-2637
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses