Vulnerabilities (CVE)

Filtered by CWE-1240
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37137 2024-11-21 N/A 3.8 LOW
Dell Key Trust Platform, v3.0.6 and prior, contains a Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information disclosure.
CVE-2024-0323 1 Br-automation 1 Automation Runtime 2024-11-21 N/A 9.8 CRITICAL
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
CVE-2024-0220 2024-11-21 N/A 8.3 HIGH
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVE-2023-51392 2024-11-21 N/A 6.2 MEDIUM
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks.