CVE-2020-24682

low-risk
Published 2024-02-02

Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
LOCAL / HIGH complexity

Affected Products (2)

Automation Studio
Automation Net\/Pvi

Affected Vendors

Br-Automation

References (2)

Vendor Advisory https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c37...
Vendor Advisory https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c37...
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low