Lucene search

ABBCVE-2023-3242

HistoryJul 26, 2023 - 6:15 p.m.

CVE-2023-3242

2023-07-2618:15:11

CWE-770

CWE-665

ABB

web.nvd.nist.gov

cve-2023-3242

resource allocation

throttling

vulnerability

b&r industrial automation

nvd

race conditions

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions.

Affected configurations

Nvd

Node

br-automationautomation_runtimeRange<g4.93

VendorProductVersionCPE
br-automationautomation_runtime*cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
br-automation	automation_runtime	*	cpe:2.3:a:br-automation:automation_runtime::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "B&R Automation Runtime",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "status": "affected",
        "version": "<G4.93"
      }
    ]
  }
]

References

www.br-automation.com/downloads_br_productcatalogue/assets/1689787619746-en-original-1.0.pdf

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

34.1%

JSON

Related for CVE-2023-3242