What is CVE-2023-1617?

CVE-2023-1617 is an improper authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules) that allows an unauthenticated attacker to bypass the authentication mechanism of the VC4 visualization on affected devices.

What is the severity of CVE-2023-1617?

The severity of CVE-2023-1617 is critical with a severity value of 9.8.

How does CVE-2023-1617 impact affected devices?

The impact of CVE-2023-1617 depends on the specific configuration and usage of the VC4 visualization on the affected devices.

Which software version of B&R VC4 is affected by CVE-2023-1617?

B&R VC4 versions up to and including 4.73.0 are affected by CVE-2023-1617.

How can I fix CVE-2023-1617?

To fix CVE-2023-1617, it is recommended to update B&R VC4 to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2023-1617

critical

9.8

CWE

287

14/4/2023

6/2/2025

CVE-2023-1617: Improper Authentication Mechanism in B&R VC4 Visualization

First published: Fri Apr 14 2023(Updated: )

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9.

Credit: cybersecurity@ch.abb.com

Affected Software	Affected Version	How to fix
B&R Industrial Automation VC4	<3.96.8
B&R Industrial Automation VC4	>=4.0.0<=4.06.4
B&R Industrial Automation VC4	>=4.10.0<=4.16.3
B&R Industrial Automation VC4	>=4.20.0<=4.26.8
B&R Industrial Automation VC4	>=4.30.0<4.34.7
B&R Industrial Automation VC4	>=4.40.0<=4.45.1
B&R Industrial Automation VC4	>=4.50.0<=4.53.0
B&R Industrial Automation VC4	>=4.70.0<4.73.0

Never miss a vulnerability like this again

Reference Links

https://www.br-automation.com/downloads_br_productcatalogue/assets/1681046878970-en-original-1.0.pdf

Frequently Asked Questions

What is CVE-2023-1617?
CVE-2023-1617 is an improper authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules) that allows an unauthenticated attacker to bypass the authentication mechanism of the VC4 visualization on affected devices.
What is the severity of CVE-2023-1617?
The severity of CVE-2023-1617 is critical with a severity value of 9.8.
How does CVE-2023-1617 impact affected devices?
The impact of CVE-2023-1617 depends on the specific configuration and usage of the VC4 visualization on the affected devices.
Which software version of B&R VC4 is affected by CVE-2023-1617?
B&R VC4 versions up to and including 4.73.0 are affected by CVE-2023-1617.
How can I fix CVE-2023-1617?
To fix CVE-2023-1617, it is recommended to update B&R VC4 to a version that is not affected by the vulnerability.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/last-modified-date
agent/title
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/br-automation
canonical/b&r industrial automation vc4
version/b&r industrial automation vc4/4.0.0
version/b&r industrial automation vc4/4.06.4
version/b&r industrial automation vc4/4.10.0
version/b&r industrial automation vc4/4.16.3
version/b&r industrial automation vc4/4.20.0
version/b&r industrial automation vc4/4.26.8
version/b&r industrial automation vc4/4.30.0
version/b&r industrial automation vc4/4.40.0
version/b&r industrial automation vc4/4.45.1
version/b&r industrial automation vc4/4.50.0
version/b&r industrial automation vc4/4.53.0
version/b&r industrial automation vc4/4.70.0