CVE-2024-0323 in Runtimeinfo

Summary

by MITRE • 02/05/2024

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.  

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 09/06/2024

The vulnerability identified as CVE-2024-0323 affects the B&R Automation Runtime FTP server implementation, presenting a critical security weakness through the use of deprecated and insecure cryptographic protocols. This flaw resides in the server's encryption mechanisms where it continues to support SSLv3, TLSv1.0, and TLSv1.1 protocols that have been widely deprecated due to their inherent cryptographic weaknesses and known vulnerabilities. The persistence of these outdated encryption standards within the B&R Automation Runtime creates a significant attack surface that network-based adversaries can exploit to compromise the security of automated industrial environments.

The technical implementation flaw stems from the server's failure to enforce modern cryptographic standards and its continued acceptance of legacy protocols that are vulnerable to well-documented attacks. SSLv3 is particularly susceptible to the POODLE vulnerability, while TLSv1.0 and TLSv1.1 are vulnerable to BEAST, CRIME, and other cryptographic attacks that allow attackers to intercept and decrypt communications. The vulnerability aligns with CWE-327, which addresses the use of weak cryptographic algorithms, and specifically relates to the improper implementation of cryptographic protocols in network services. This weakness enables attackers to perform man-in-the-middle attacks by exploiting the insecure cipher suites and protocol versions, potentially allowing them to eavesdrop on sensitive industrial communications and manipulate data exchanges between clients and the automation server.

The operational impact of this vulnerability extends beyond traditional network security concerns into the critical realm of industrial control systems where B&R Automation Runtime is commonly deployed. Attackers exploiting this vulnerability can decrypt communications between industrial clients and the automation server, potentially gaining access to sensitive operational data, configuration parameters, and control commands. This poses significant risks to industrial environments where the integrity of communications is paramount for system safety and operational continuity. The vulnerability particularly affects environments where the B&R Automation Runtime is used in conjunction with other industrial protocols and where secure communication channels are essential for maintaining system integrity and preventing unauthorized access to critical infrastructure components.

The security implications of this vulnerability align with ATT&CK technique T1046, which covers network service scanning and exploitation of insecure network protocols, and T1566, which addresses social engineering through network-based attacks. Organizations utilizing B&R Automation Runtime in industrial settings should implement immediate mitigations including disabling support for SSLv3, TLSv1.0, and TLSv1.1 protocols on affected systems, enforcing the use of TLSv1.2 or higher with strong cryptographic ciphers, and implementing network segmentation to limit exposure of these services to untrusted networks. Additionally, regular security assessments should be conducted to identify and remediate similar vulnerabilities in industrial control system components, ensuring compliance with cybersecurity frameworks such as NIST SP 800-53 and IEC 62443 standards for industrial automation and control systems security.

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!