Vulnerability in B&R Automation Runtime
CVE-2020-11637
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
EPSS: 0.011 (60.9th percentile).
CVSS v3 metric
CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L.
Affected products
- B&R Automation Runtime — versions unspecified, 4.2x, 4.3x
- Br-automation Automation_runtime
Weakness classification (CWE)
References
- cybersecurity@ch.abb.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-11637?
- CVE-2020-11637 is a medium-severity vulnerability in B&R Automation Runtime, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 5.8/10. Published 2020-10-15.
- How severe is CVE-2020-11637?
- Medium severity. CVSS v3 base score is 5.8 out of 10.