CVE-2020-24682
HIGH EPSS 4.5%
Published Feb 2, 20242y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Feb 2, 2024 2y ago
Last Modified Jun 17, 2026 1w ago
Description
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-428
Affected Products 8
| Vendor | Product | Version | Range |
|---|---|---|---|
| br-automation | automation_studio | * | <4.7.7.74 |
| br-automation | automation_studio | * | ≥4.8 – <4.8.6.30 |
| br-automation | automation_studio | * | ≥4.9 – <4.9.4.92 |
| microsoft | windows | * | any |
| br-automation | automation_net\/pvi | * | ≥4.0 – <4.7.7 |
| br-automation | automation_net\/pvi | * | ≥4.8 – <4.8.6 |
| br-automation | automation_net\/pvi | * | ≥4.9 – <4.9.4 |
| microsoft | windows | * | any |
References 1
- br-automation.com https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.