PatchSiren cyber security CVE debrief
CVE-2024-8603 B&R Industrial Automation CVE debrief
A vulnerability in the SSL/TLS cryptographic implementation of B&R Automation Runtime and B&R mapp View versions prior to 6.1 allows unauthenticated network-based attackers to impersonate services on affected devices. The issue stems from use of a broken or risky cryptographic algorithm in the SSL/TLS component. Successful exploitation could enable attackers to masquerade as legitimate services, potentially facilitating man-in-the-middle attacks or unauthorized access to industrial control systems. The vulnerability was disclosed on January 15, 2025, with a CVSS 3.1 score of 7.5 (HIGH severity).
- Vendor: B&R Industrial Automation
- Product: B&R Automation Runtime
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-01-15
- Original CVE updated: 2025-01-15
- Advisory published: 2025-01-15
- Advisory updated: 2025-01-15
Who should care
Organizations operating B&R industrial automation systems, particularly those using Automation Runtime or mapp View versions prior to 6.1 for certificate generation. Critical infrastructure operators, manufacturing facilities, and industrial control system administrators should prioritize assessment and patching. Organizations with production machines relying on self-signed certificates from these products face elevated risk.
Technical summary
The vulnerability exists in the SSL/TLS component of B&R Automation Runtime and B&R mapp View versions prior to 6.1. The implementation uses a broken or risky cryptographic algorithm that can be exploited by unauthenticated attackers on the network to masquerade as services on impacted devices. This weakness in the certificate handling or cryptographic implementation could allow attackers to present fraudulent certificates that affected systems would accept as valid. The attack requires network access but no authentication, privileges, or user interaction. The primary impact is to integrity, with attackers able to impersonate legitimate services. The fix involves updating to version 6.1, which corrects the cryptographic implementation. Organizations using affected versions to generate self-signed certificates on production machines should prioritize patching.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade B&R Automation Runtime to version 6.1 or later
- Upgrade B&R mapp View to version 6.1 or later
- Implement B&R's defense-in-depth security strategy for industrial automation systems
- Review and replace any self-signed certificates generated by affected versions on production machines
- Apply network segmentation to limit exposure of industrial control systems
- Monitor for anomalous SSL/TLS certificate behavior on affected devices
- Consult B&R security advisory SA25P001 for detailed remediation guidance
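The two certificate-related actions above (replacing self-signed certificates generated by affected versions, and watching for anomalous certificate behaviour) both need a way to inspect what a device is actually presenting. The following is an added example, not B&R code and not part of the advisory: a dependency-free DER walker that reads the signature algorithm and RSA modulus size out of an X.509 certificate and flags the generic CWE-327 conditions (MD5/SHA-1 signatures, RSA keys under 2048 bits). The page does not say which algorithm CVE-2024-8603 involves, so the policy table is an assumption, not the vendor's list. `build_sample_certificate` constructs a structurally valid but unsigned placeholder certificate so the audit can be exercised offline; in practice you would feed `audit_certificate` the DER bytes retrieved from a device.

```python
"""Audit DER-encoded X.509 certificates for weak signature algorithms and
small RSA keys. Added example; assumes a generic CWE-327 policy, not the
specific algorithm behind CVE-2024-8603 (which the advisory does not name)."""

# Policy assumption: OID -> (name, considered weak). Unknown OIDs are flagged.
SIG_ALGS = {
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}
RSA_OID = "1.2.840.113549.1.1.1"
MIN_RSA_BITS = 2048


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(seq_value):
    """Decode every TLV contained in a SEQUENCE value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(seq_value):
        tag, val, pos = _read_tlv(seq_value, pos)
        out.append((tag, val))
    return out


def _decode_oid(val):
    """Decode OID content bytes into dotted form (first byte packs two arcs)."""
    parts, n = [str(val[0] // 40), str(val[0] % 40)], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(n))
            n = 0
    return ".".join(parts)


def audit_certificate(der):
    """Return signature algorithm, RSA key size and a list of policy findings."""
    _, cert, _ = _read_tlv(der, 0)
    tbs, sig_alg, _sig = _children(cert)[:3]
    sig_oid = _decode_oid(_children(sig_alg[1])[0][1])
    name, weak_sig = SIG_ALGS.get(sig_oid, (sig_oid, True))
    fields = _children(tbs[1])
    if fields[0][0] == 0xA0:  # skip optional explicit [0] version
        fields = fields[1:]
    # fields: serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    key_alg, key_bits = _children(fields[5][1])
    key_oid = _decode_oid(_children(key_alg[1])[0][1])
    rsa_bits = None
    if key_oid == RSA_OID:
        pub = key_bits[1][1:]  # drop BIT STRING unused-bits byte
        modulus = _children(_read_tlv(pub, 0)[1])[0][1]
        rsa_bits = int.from_bytes(modulus, "big").bit_length()
    findings = []
    if weak_sig:
        findings.append(f"weak signature algorithm {name}")
    if rsa_bits is not None and rsa_bits < MIN_RSA_BITS:
        findings.append(f"RSA key only {rsa_bits} bits")
    return {"signature_algorithm": name, "rsa_bits": rsa_bits, "findings": findings}


# --- constructed sample input (placeholder certificate, not a real key) ---
def _tlv(tag, payload):
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _oid(dotted):
    arcs = [int(p) for p in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for p in arcs[2:]:
        chunks = [p & 0x7F]
        p >>= 7
        while p:
            chunks.append(0x80 | (p & 0x7F))
            p >>= 7
        body += bytes(reversed(chunks))
    return _tlv(0x06, body)


def build_sample_certificate(sig_oid, rsa_bits):
    """Build a structurally valid, unsigned self-issued certificate for testing."""
    mod = ((1 << (rsa_bits - 1)) | 1).to_bytes(rsa_bits // 8, "big")
    mod = b"\x00" + mod if mod[0] & 0x80 else mod  # keep INTEGER positive
    rsa_pub = _tlv(0x30, _tlv(0x02, mod) + _tlv(0x02, b"\x01\x00\x01"))
    spki = _tlv(0x30, _tlv(0x30, _oid(RSA_OID) + _tlv(0x05, b""))
                + _tlv(0x03, b"\x00" + rsa_pub))
    alg = _tlv(0x30, _oid(sig_oid) + _tlv(0x05, b""))
    empty_name = _tlv(0x30, b"")
    validity = _tlv(0x30, _tlv(0x17, b"250115000000Z") + _tlv(0x17, b"260115000000Z"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + alg
               + empty_name + validity + empty_name + spki)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" * 17))


if __name__ == "__main__":
    for oid, bits in (("1.2.840.113549.1.1.5", 1024), ("1.2.840.113549.1.1.11", 2048)):
        print(audit_certificate(build_sample_certificate(oid, bits)))
```

Run the audit over every certificate in the device inventory after upgrading to 6.1; any certificate still reporting a finding was minted under the old implementation and is a replacement candidate, and a sudden change in a device's reported algorithm or key size between two runs is the kind of anomaly the monitoring action refers to.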
Evidence notes
The vulnerability affects B&R Automation Runtime versions <6.1 and B&R mapp View versions <6.1. The issue is classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) in the SSL/TLS component. CISA published advisory ICSA-25-028-01 on January 15, 2025, with initial version 1.0.0. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and high impact to integrity.
Official resources
- CVE-2024-8603 CVE record (CVE.org)
- CVE-2024-8603 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source references (links not preserved in stored evidence)
2025-01-15