CVE-2023-1617 Information

Description

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3. through 3.96.7 from 4.0 through 4.06.7 from 4.1 through 4.16.3 from 4.2 through 4.26.8 from 4.3 through 4.34.6 from 4.4 through 4.45.1 from 4.5 through 4.45.3 from 4.7 through 4.72.9.

Reference

https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf