CVE-2024-0220

HIGH

Br-automation Automation Studio < 4.6 - Cleartext Transmission

Title source: rule
STIX 2.1

Description

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.

References (1)

Scores

CVSS v3 8.3
EPSS 0.0021
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-319 CWE-1240 CWE-94
Status published
Products (2)
br-automation/automation_studio < 4.6
br-automation/technology_guarding < 1.4.0
Published Feb 22, 2024
Tracked Since Feb 18, 2026