8.8 - CVE-2020-24681

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2020-24681	First vendor Publication	2024-02-02
Vendor	Cve	Last vendor Modification	2024-02-10

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score	8.8
Base Score	8.8	Environmental Score	8.8
impact SubScore	6	Temporal Score	8.8
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24681

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-732	Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Br-Automation Automation Studio cpe:2.3:a:br-automation:automation_studio:4.8:::::::* cpe:2.3:a:br-automation:automation_studio:4.7.2:::::::* cpe:2.3:a:br-automation:automation_studio:3.0.90:::::::* cpe:2.3:a:br-automation:automation_studio:3.0.81:::::::* cpe:2.3:a:br-automation:automation_studio:3.0.80:::::::* cpe:2.3:a:br-automation:automation_studio:3.0.71:::::::* cpe:2.3:a:br-automation:automation_studio:2.7:::::::* cpe:2.3:a:br-automation:automation_studio::::::::	8

Sources (Detail)

https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-10 09:27:41	Multiple Updates
2024-02-03 02:39:21	Multiple Updates
2024-02-03 02:06:02	Multiple Updates
2024-02-02 17:27:24	Multiple Updates
2024-02-02 13:04:53	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	8
Sources(s)	1

8.8 - CVE-2020-24681

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU