CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-8603: A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and...

8.2 CVSS

Description

A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices.

Classification

CVE ID: CVE-2024-8603

CVSS Base Severity: HIGH

CVSS Base Score: 8.2

Affected Products

Vendor: B&R Industrial Automation

Product: Automation Runtime

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.5% (scored less or equal to compared to others)

EPSS Date: 2025-02-13 (when was this score calculated)

References

https://www.br-automation.com/fileadmin/SA25P001-c478fad6.pdf

Timeline

2025-01-16 00:31:07 UTC
CVE

A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and...
2025-01-28 16:00:23 UTC
All CISA Advisories

B&R Automation Runtime