{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "tracking": {
      "generator": {
        "date": "2025-04-07T06:14:15.762Z",
        "engine": {
          "version": "2.5.22",
          "name": "Secvisogram"
        }
      },
      "id": "SA24P005",
      "current_release_date": "2025-04-03T03:30:00.000Z",
      "initial_release_date": "2025-01-15T03:30:00.000Z",
      "status": "final",
      "version": "1.2.0",
      "revision_history": [
        {
          "date": "2024-05-14T03:30:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version."
        },
        {
          "date": "2025-01-15T03:30:00.000Z",
          "number": "1.1.0",
          "summary": "Added further impacted products and the release status of mapp Safety."
        },
        {
          "date": "2025-04-03T06:30:00.000Z",
          "number": "1.2.0",
          "summary": "Added KCF Editor as an impacted product."
        }
      ]
    },
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "title": "Summary",
        "text": "Updates are available that resolve a vulnerability in the product versions listed as affected in the following section.\nAn authenticated local attacker who successfully exploited this vulnerability could insert and run arbitrary code using legitimate B&R software.\n"
      },
      {
        "category": "general",
        "text": "Strengthen installation folder permissions\nTo prevent a legitimate DLL from being replaced with a malicious one, ensure that the B&R software installation folders are writable only by privileged users.\nEnsure Safe DLL search mode is enabled\nSafe DLL search mode is enabled by default on Windows operating systems. However, there might be scenarios where this is disabled. For more information, please refer to the Reference section.\nFollow least-privilege principles and ensure the physical security of the computers\nEnsure that only authorized users have access to the computers and that their privileges are restricted to the minimum necessary (least-privilege principle).\nRefer to section “General security recommendations” for further advice on how to keep your system secure.",
        "title": "Mitigating factors"
      },
      {
        "category": "other",
        "text": "For any installation of software-related B&R products we strongly recommend the following (non-exhaustive) list of cyber security practices:\n– Isolate special purpose networks (e.g. for automation systems) and remote devices behind firewalls and separate them from any general purpose network (e.g. office or home networks).\n– Install physical controls so no unauthorized personnel can access your devices, components, peripheral equipment, and networks.\n– Never connect programming software or computers containing programming software to any network other than the network for the devices that it is intended for.\n– Scan all data imported into your environment before use to detect potential malware infections.\n– Minimize network exposure for all applications and endpoints to ensure that they are not accessible from the Internet unless they are designed for such exposure and the intended use requires it.\n– Ensure all nodes are always up to date in terms of installed software, operating system and firmware patches as well as anti-virus and firewall.\n– When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices.",
        "title": "General security recommendations"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information in this document is subject to change without notice, and should not be construed as a\ncommitment by B&R.\nB&R provides no warranty, express or implied, including warranties of merchantability and fitness for a\nparticular purpose, for the information contained in this document, and assumes no responsibility for\nany errors that may appear in this document. In no event shall B&R or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of\nthis document, or from the use of any hardware or software described in this document, even if B&R or\nits suppliers have been advised of the possibility of such damages.\nThis document and parts hereof must not be reproduced or copied without written permission from\nB&R, and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose.\nAll rights to registrations and trademarks reside with their respective owners.",
        "title": "Notice"
      },
      {
        "category": "other",
        "text": "For additional instructions and support please contact your local B&R service organization. For contact information, see https://www.br-automation.com/en/about-us/locations/.\nInformation about ABB’s cyber security program and capabilities can be found at www.abb.com/cybersecurity.",
        "title": "Support"
      }
    ],
    "publisher": {
      "category": "vendor",
      "namespace": "https://global.abb/group/en/technology/cyber-security/alerts-and-notifications",
      "name": "ABB PSIRT"
    },
    "references": [
      {
        "summary": "B&R Advisory Link",
        "url": "https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"
      },
      {
        "summary": "Microsoft, \"Dynamic-link library search order,\" 2 February 2023. [Online].",
        "url": "https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order#searchorder-for-unpackaged-apps"
      }
    ],
    "lang": "en",
    "title": "Insecure Loading of Code in B&R Products"
  },
  "product_tree": {
    "branches": [
      {
        "category": "vendor",
        "name": "B&R",
        "branches": [
          {
            "category": "product_name",
            "name": "Scene Viewer",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 4.4",
                "product": {
                  "name": "Scene Viewer < 4.4",
                  "product_id": "AV1"
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0",
                "product": {
                  "product_id": "FX1",
                  "name": "Scene Viewer 4.4.0"
                }
              }
            ]
          },
          {
            "category": "product_family",
            "name": "Automation Runtime",
            "branches": [
              {
                "category": "product_name",
                "name": "Automation Runtime Simulation",
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "<= I4.93",
                    "product": {
                      "name": "Automation Runtime Simulation <= I4.93",
                      "product_id": "AV2"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "J4.93",
                    "product": {
                      "name": "Automation Runtime Simulation J4.93",
                      "product_id": "FX2"
                    }
                  }
                ]
              },
              {
                "category": "product_name",
                "name": "B&R Hypervisor Installer",
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "<= I4.93",
                    "product": {
                      "name": "B&R Hypervisor Installer <= I4.93",
                      "product_id": "AV3"
                    }
                  },
                  {
                    "name": "J4.93",
                    "category": "product_version",
                    "product": {
                      "name": "B&R Hypervisor Installer J4.93",
                      "product_id": "FX3"
                    }
                  }
                ]
              }
            ]
          },
          {
            "category": "product_name",
            "name": "mapp Vision",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 5.26.1",
                "product": {
                  "name": "mapp Vision < 5.26.1",
                  "product_id": "AV4"
                }
              },
              {
                "category": "product_version",
                "name": "5.26.1",
                "product": {
                  "name": "mapp Vision 5.26.1",
                  "product_id": "FX4"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "mapp View",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 5.24.2",
                "product": {
                  "name": "mapp View < 5.24.2",
                  "product_id": "AV5"
                }
              },
              {
                "category": "product_version",
                "name": "5.24.2",
                "product": {
                  "name": "mapp View 5.24.2",
                  "product_id": "FX5"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "mapp Cockpit",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 5.24.2",
                "product": {
                  "name": "mapp Cockpit < 5.24.2",
                  "product_id": "AV6"
                }
              },
              {
                "category": "product_version",
                "name": "5.24.2",
                "product": {
                  "name": "mapp Cockpit 5.24.2",
                  "product_id": "FX6"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "mapp Safety",
            "branches": [
              {
                "product": {
                  "name": "mapp Safety < 5.24.2",
                  "product_id": "AV7"
                },
                "category": "product_version_range",
                "name": "< 5.24.2"
              },
              {
                "product": {
                  "name": "mapp Safety 5.24.2",
                  "product_id": "FX7"
                },
                "category": "product_version",
                "name": "5.24.2"
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Visual Components (VC) 4",
            "branches": [
              {
                "product": {
                  "name": "Visual Components (VC) 4 < 4.73.2",
                  "product_id": "AV8"
                },
                "category": "product_version_range",
                "name": "< 4.73.2"
              },
              {
                "product": {
                  "name": "Visual Components (VC) 4 - 4.73.2",
                  "product_id": "FX8"
                },
                "category": "product_version",
                "name": "4.73.2"
              }
            ]
          },
          {
            "category": "product_name",
            "name": "B&R APROL",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 4.4-01",
                "product": {
                  "name": "B&R APROL < 4.4-01",
                  "product_id": "AV9"
                }
              },
              {
                "category": "product_version",
                "name": "4.4-01",
                "product": {
                  "name": "B&R APROL 4.4-01",
                  "product_id": "FX9"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "CAN Driver",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 1.1.0",
                "product": {
                  "name": "CAN Driver < 1.1.0",
                  "product_id": "AV10"
                }
              },
              {
                "category": "product_version",
                "name": "1.1.0",
                "product": {
                  "name": "CAN Driver 1.1.0",
                  "product_id": "FX10"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "CAN driver CC770",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 3.3.0",
                "product": {
                  "name": "CAN driver CC770 < 3.3.0",
                  "product_id": "AV11"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.0",
                "product": {
                  "name": "CAN driver CC770 3.3.0",
                  "product_id": "FX11"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "CAN driver SJA1000",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 1.3.0",
                "product": {
                  "name": "CAN driver SJA1000 < 1.3.0",
                  "product_id": "AV12"
                }
              },
              {
                "category": "product_version",
                "name": "1.3.0",
                "product": {
                  "name": "CAN driver SJA1000 1.3.0",
                  "product_id": "FX12"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Toch Lock",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 2.1.0",
                "product": {
                  "name": "Toch Lock < 2.1.0",
                  "product_id": "AV13"
                }
              },
              {
                "category": "product_version",
                "name": "2.1.0",
                "product": {
                  "name": "Toch Lock 2.1.0",
                  "product_id": "FX13"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "B&R Single-Touch Driver",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 2.0.0",
                "product": {
                  "name": "B&R Single-Touch Driver < 2.0.0",
                  "product_id": "AV14"
                }
              },
              {
                "category": "product_version",
                "name": "2.0.0",
                "product": {
                  "name": "B&R Single-Touch Driver 2.0.0",
                  "product_id": "FX14"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Serial User Mode Touch Driver",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 1.7.1",
                "product": {
                  "name": "Serial User Mode Touch Driver < 1.7.1",
                  "product_id": "AV15"
                }
              },
              {
                "category": "product_version",
                "name": "1.7.1",
                "product": {
                  "name": "Serial User Mode Touch Driver 1.7.1",
                  "product_id": "FX15"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Windows Settings Changer (2021 LTSC)",
            "branches": [
              {
                "product": {
                  "name": "Windows Settings Changer (2021 LTSC) < 3.2.0",
                  "product_id": "AV16"
                },
                "category": "product_version_range",
                "name": "< 3.2.0"
              },
              {
                "product": {
                  "name": "Windows Settings Changer (2021 LTSC) 3.2.0",
                  "product_id": "FX16"
                },
                "category": "product_version",
                "name": "3.2.0"
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Windows Settings Changer (2019 LTSC)",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 2.2.0",
                "product": {
                  "name": "Windows Settings Changer (2019 LTSC) < 2.2.0",
                  "product_id": "AV17"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.0",
                "product": {
                  "name": "Windows Settings Changer (2019 LTSC) 2.2.0",
                  "product_id": "FX17"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "Windows 10 Recovery Solution",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 3.2.0",
                "product": {
                  "name": "Windows 10 Recovery Solution < 3.2.0",
                  "product_id": "AV18"
                }
              },
              {
                "category": "product_version",
                "name": "3.2.0",
                "product": {
                  "name": "Windows 10 Recovery Solution 3.2.0",
                  "product_id": "FX18"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "ADI driver universal",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 3.2.0",
                "product": {
                  "name": "ADI driver universal < 3.2.0",
                  "product_id": "AV19"
                }
              },
              {
                "category": "product_version",
                "name": "3.2.0",
                "product": {
                  "name": "ADI driver universal 3.2.0",
                  "product_id": "FX19"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "ADI Development Kit",
            "branches": [
              {
                "category": "product_version_range",
                "product": {
                  "name": "ADI Development Kit < 5.5.0",
                  "product_id": "AV20"
                },
                "name": "< 5.5.0"
              },
              {
                "product": {
                  "name": "ADI Development Kit 5.5.0",
                  "product_id": "FX20"
                },
                "category": "product_version",
                "name": "5.5.0"
              }
            ]
          },
          {
            "category": "product_name",
            "name": "ADI .NET SDK",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 4.1.0",
                "product": {
                  "name": "ADI .NET SDK < 4.1.0",
                  "product_id": "AV21"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.0",
                "product": {
                  "name": "ADI .NET SDK 4.1.0",
                  "product_id": "FX21"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "SRAM driver",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 1.2.0",
                "product": {
                  "name": "SRAM driver < 1.2.0",
                  "product_id": "AV22"
                }
              },
              {
                "category": "product_version",
                "name": "1.2.0",
                "product": {
                  "name": "SRAM driver 1.2.0",
                  "product_id": "FX22"
                }
              }
            ]
          },
          {
            "category": "product_name",
            "name": "HMI Service Center",
            "branches": [
              {
                "category": "product_version_range",
                "name": "< 1.1.0",
                "product": {
                  "name": "HMI Service Center < 3.1.0",
                  "product_id": "AV23"
                }
              },
              {
                "category": "product_version",
                "name": "1.1.0",
                "product": {
                  "name": "HMI Service Center 3.1.0",
                  "product_id": "FX23"
                }
              }
            ]
          },
          {
            "name": "HMI Service Center Maintenance",
            "branches": [
              {
                "product": {
                  "name": "HMI Service Center Maintenance < 2.1.0",
                  "product_id": "AV24"
                },
                "name": "< 2.1.0",
                "category": "product_version_range"
              },
              {
                "product": {
                  "name": "HMI Service Center Maintenance 2.1.0",
                  "product_id": "FX24"
                },
                "name": "2.1.0",
                "category": "product_version_range"
              }
            ],
            "category": "product_name"
          },
          {
            "branches": [
              {
                "name": "<= 1.1",
                "product": {
                  "name": "Windows 10 IoT Enterprise 2019 LTSC <= 1.1",
                  "product_id": "AV25"
                },
                "category": "product_version_range"
              },
              {
                "category": "product_version_range",
                "name": "Windows 10 IoT Enterprise 2021 LTSC",
                "product": {
                  "name": "Update to Windows 10 IoT Enterprise 2021 LTSC",
                  "product_id": "FX25"
                }
              }
            ],
            "name": "Windows 10 IoT Enterprise 2019 LTSC",
            "category": "product_name"
          },
          {
            "name": "KCF Editor",
            "category": "product_name",
            "branches": [
              {
                "product": {
                  "name": "KCF Editor < 1.1.0",
                  "product_id": "AV26"
                },
                "category": "product_version_range",
                "name": "< 1.1.0"
              },
              {
                "product": {
                  "product_id": "FX26",
                  "name": "KCF Editor 1.1.0"
                },
                "name": "1.1.0",
                "category": "product_version_range"
              }
            ]
          }
        ]
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-2637",
      "title": "CVE-2024-2637",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "description",
          "text": "An uncontrolled search path element vulnerability in several B&R software products could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "FX1",
          "FX2",
          "FX3",
          "FX4",
          "FX5",
          "FX6",
          "FX7",
          "FX8",
          "FX9",
          "FX10",
          "FX11",
          "FX12",
          "FX13",
          "FX14",
          "FX15",
          "FX16",
          "FX17",
          "FX18",
          "FX19",
          "FX20",
          "FX21",
          "FX22",
          "FX23",
          "FX24",
          "FX25",
          "FX26"
        ],
        "known_affected": [
          "AV1",
          "AV2",
          "AV3",
          "AV4",
          "AV5",
          "AV6",
          "AV7",
          "AV8",
          "AV9",
          "AV10",
          "AV11",
          "AV12",
          "AV13",
          "AV14",
          "AV15",
          "AV16",
          "AV17",
          "AV18",
          "AV19",
          "AV20",
          "AV21",
          "AV22",
          "AV23",
          "AV24",
          "AV25",
          "AV26"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "NVD - CVE-2024-2637",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "temporalScore": 6.9,
            "temporalSeverity": "MEDIUM",
            "environmentalScore": 7,
            "environmentalSeverity": "HIGH",
            "attackVector": "LOCAL",
            "attackComplexity": "HIGH",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "exploitCodeMaturity": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED"
          },
          "products": [
            "AV1",
            "AV2",
            "AV3",
            "AV4",
            "AV5",
            "AV6",
            "AV7",
            "AV8",
            "AV9",
            "AV10",
            "AV11",
            "AV12",
            "AV13",
            "AV14",
            "AV15",
            "AV16",
            "AV17",
            "AV18",
            "AV19",
            "AV20",
            "AV21",
            "AV22",
            "AV23",
            "AV24",
            "AV25",
            "AV26"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "AV1",
            "AV2",
            "AV3",
            "AV4",
            "AV5",
            "AV6",
            "AV7",
            "AV8",
            "AV9",
            "AV10",
            "AV11",
            "AV12",
            "AV13",
            "AV14",
            "AV15",
            "AV16",
            "AV17",
            "AV18",
            "AV19",
            "AV20",
            "AV21",
            "AV22",
            "AV23",
            "AV24",
            "AV25",
            "AV26"
          ],
          "details": "The problem has been fixed as described above.\n\nB&R recommends that customers apply the update at their earliest convenience.\nThe process to install updates is described in the user manual. The procedure for identifying the installed product version is also described in the user manual.",
          "category": "vendor_fix"
        }
      ]
    }
  ]
}