{"cve":{"cve_id":"CVE-2024-2637","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00168,"epss_percentile":0.06305,"epss_as_of":"2026-06-23","description":"An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0.","published_at":"2024-05-14T18:49:28.624000Z","last_modified_at":null,"cvss_v3_score":7.2,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-427"],"nvd_references":["https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:57:11.927927Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"adi-development-kit","product_name":"ADI Development Kit","version_start":"0","version_start_inclusive":true,"version_end":"5.5.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:adi-development-kit:0:5.5.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"adi-driver-universal","product_name":"ADI driver universal","version_start":"0","version_start_inclusive":true,"version_end":"3.2.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:adi-driver-universal:0:3.2.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"adi-.net-sdk","product_name":"ADI .NET SDK","version_start":"0","version_start_inclusive":true,"version_end":"4.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:adi-.net-sdk:0:4.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"aprol","product_name":"APROL","version_start":"0","version_start_inclusive":true,"version_end":"4.4-01","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:aprol:0:4.4-01"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"automation-runtime","product_name":"Automation Runtime","version_start":"0","version_start_inclusive":true,"version_end":"J4.93","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:automation-runtime:0:J4.93"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"b-r-single-touch-driver","product_name":"B&R Single-Touch Driver","version_start":"0","version_start_inclusive":true,"version_end":"2.0.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:b-r-single-touch-driver:0:2.0.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"can-driver","product_name":"CAN Driver","version_start":"0","version_start_inclusive":true,"version_end":"1.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:can-driver:0:1.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"can-driver-cc770","product_name":"CAN Driver CC770","version_start":"0","version_start_inclusive":true,"version_end":"3.3.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:can-driver-cc770:0:3.3.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"can-driver-sja1000","product_name":"CAN Driver SJA1000","version_start":"0","version_start_inclusive":true,"version_end":"1.3.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:can-driver-sja1000:0:1.3.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"hmi-service-center","product_name":"HMI Service Center","version_start":"0","version_start_inclusive":true,"version_end":"3.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:hmi-service-center:0:3.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"hmi-service-center-maintenance","product_name":"HMI Service Center Maintenance","version_start":"0","version_start_inclusive":true,"version_end":"2.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:hmi-service-center-maintenance:0:2.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"kcf-editor","product_name":"KCF Editor","version_start":"0","version_start_inclusive":true,"version_end":"1.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:kcf-editor:0:1.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"mapp-cockpit","product_name":"mapp Cockpit","version_start":"0","version_start_inclusive":true,"version_end":"5.24.2","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:mapp-cockpit:0:5.24.2"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"mapp-safety","product_name":"mapp Safety","version_start":"0","version_start_inclusive":true,"version_end":"5.24.2","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:mapp-safety:0:5.24.2"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"mapp-view","product_name":"mapp View","version_start":"0","version_start_inclusive":true,"version_end":"5.24.2","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:mapp-view:0:5.24.2"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"mapp-vision","product_name":"mapp Vision","version_start":"0","version_start_inclusive":true,"version_end":"5.26.1","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:mapp-vision:0:5.26.1"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"scene-viewer","product_name":"Scene Viewer","version_start":"0","version_start_inclusive":true,"version_end":"4.4.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:scene-viewer:0:4.4.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"serial-user-mode-touch-driver","product_name":"Serial User Mode Touch Driver","version_start":"0","version_start_inclusive":true,"version_end":"1.7.1","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:serial-user-mode-touch-driver:0:1.7.1"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"sram-driver","product_name":"SRAM driver","version_start":"0","version_start_inclusive":true,"version_end":"1.2.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:sram-driver:0:1.2.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"tou0ch-lock","product_name":"Tou0ch Lock","version_start":"0","version_start_inclusive":true,"version_end":"2.1.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:tou0ch-lock:0:2.1.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"vc4","product_name":"VC4","version_start":"0","version_start_inclusive":true,"version_end":"4.73.2","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:vc4:0:4.73.2"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"windows-10-iot-enterprise-2019-ltsc","product_name":"Windows 10 IoT Enterprise 2019 LTSC","version_start":"0","version_start_inclusive":true,"version_end":"1.1","version_end_inclusive":true,"cpe23_uri":"cve5:b-r-industrial-automation:windows-10-iot-enterprise-2019-ltsc:0:1.1"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"windows-10-recovery-solution","product_name":"Windows 10 Recovery Solution","version_start":"0","version_start_inclusive":true,"version_end":"3.2.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:windows-10-recovery-solution:0:3.2.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"windows-settings-changer-2019-ltsc","product_name":"Windows Settings Changer (2019 LTSC)","version_start":"0","version_start_inclusive":true,"version_end":"2.2.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:windows-settings-changer-2019-ltsc:0:2.2.0"},{"vendor_slug":"b-r-industrial-automation","vendor_name":"B&R Industrial Automation","product_slug":"windows-settings-changer-ltsc","product_name":"Windows Settings Changer (LTSC)","version_start":"0","version_start_inclusive":true,"version_end":"3.2.0","version_end_inclusive":false,"cpe23_uri":"cve5:b-r-industrial-automation:windows-settings-changer-ltsc:0:3.2.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-05-14T18:49:28.624000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:35:15.125230Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:15.125230Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:15.125230Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:57:11.927927Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:57:11.927927Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:57:11.927927Z","label":"SSVC decision revised","source":"vulnrichment"}]}