CVE-2020-24681
HIGH
Published Feb 2, 20242y ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
Published Feb 2, 2024 2y ago
Last Modified Jun 17, 2026 1w ago
Description
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-732
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| br-automation | automation_studio | * | ≥4.0 – <4.7.7.74 |
| br-automation | automation_studio | * | ≥4.8 – <4.8.6.30 |
| br-automation | automation_studio | * | ≥4.9 – <4.9.4.92 |
| microsoft | windows | * | any |
References 1
- br-automation.com https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.