CVE-2020-24681

8.2 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on systems running affected versions of B&R Industrial Automation Automation Studio. By exploiting incorrect permission assignments for critical resources, attackers can gain elevated system privileges. This affects users of Automation Studio versions 4.6.0 through 4.6.X, 4.7.0 before 4.7.7 SP, 4.8.0 before 4.8.6 SP, and 4.9.0 before 4.9.4 SP.

💻 Affected Systems

Products:
  • B&R Industrial Automation Automation Studio
Versions: 4.6.0 through 4.6.X, 4.7.0 before 4.7.7 SP, 4.8.0 before 4.8.6 SP, 4.9.0 before 4.9.4 SP
Operating Systems: Windows (typically used for Automation Studio)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of the specified versions. Industrial control systems using Automation Studio for programming and configuration are at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, allowing installation of persistent malware, data theft, and disruption of industrial control operations.

🟠 Likely Case

Local privilege escalation enabling attackers to bypass security controls, access sensitive industrial automation data, and modify system configurations.

🟢 If Mitigated

Limited impact with proper network segmentation, least privilege principles, and monitoring in place, though local access could still lead to privilege escalation.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Industrial control systems often have critical functions, and privilege escalation could lead to operational disruption or safety issues.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. The underlying weakness, CWE-732 (Incorrect Permission Assignment for Critical Resource), indicates that exploitation is straightforward once local access has been obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.7 SP, 4.8.6 SP, 4.9.4 SP, and later versions

Vendor Advisory: https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf

Restart Required: Yes

Instructions:

1. Download the latest service pack from the B&R Industrial Automation website.
2. Back up current projects and configurations.
3. Install the service pack following vendor instructions.
4. Restart the system.
5. Verify the installation and test functionality.

🔧 Temporary Workarounds

Restrict Local Access (platform: all)

Limit physical and remote access to systems running Automation Studio to authorized personnel only.

Apply Least Privilege (platform: Windows)

Run Automation Studio with minimal necessary privileges and implement user account control restrictions.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Automation Studio systems from other critical networks.
  • Enhance monitoring and logging on affected systems to detect privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check Automation Studio version via Help > About in the application interface or examine installed programs in Windows Control Panel.

Check Version:

Not applicable - check via application interface or Windows Programs and Features

Verify Fix Applied:

Verify that the installed version is at or above the fixed release for its branch: 4.7.7 SP on 4.7, 4.8.6 SP on 4.8, or 4.9.4 SP on 4.9. A higher branch is not automatically fixed (4.8.0 is numerically above 4.7.7 SP but is still affected), and no fixed 4.6 release is listed, so 4.6.x installations need to move to one of the fixed branches.
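The weakness class here (CWE-732) is a file or directory whose ACL lets low-privilege principals write to content that runs with higher privileges. The following PowerShell script is an added example, not part of this advisory or of the vendor's tooling: it walks a program directory and reports any Allow ACE that grants write-class rights to Everyone, Users, Authenticated Users or INTERACTIVE. The install path is an assumed placeholder; the advisory does not give one, so point it at the real Automation Studio installation directory (and at any directory its services load binaries from).

```powershell
# Added example (not from the advisory or the vendor): audit a program directory
# for ACEs that give broad, low-privilege principals write access, which is the
# class of misconfiguration CWE-732 describes. Run from an elevated prompt.
# $InstallRoot is an ASSUMED placeholder; replace it with the real
# Automation Studio installation directory on the host being checked.
param(
    [string]$InstallRoot = 'C:\PLACEHOLDER\Automation Studio'
)

# Principals that should never hold write rights on executable content.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a standard user replace or alter files, or re-grant
# itself more access. Parsed as a FileSystemRights flags value.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, WriteData, AppendData, ChangePermissions, TakeOwnership'

# File types worth checking individually; directories are always checked.
$ExecutableExt = @('.exe', '.dll', '.sys', '.bat', '.cmd', '.ps1')

function Get-WeakAce {
    # Return one record per Allow ACE on $Path that gives a broad principal write rights.
    param([string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $Path"
        return
    }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $InstallRoot)) {
    Write-Warning "Install root not found: $InstallRoot (replace the placeholder path)"
    return
}

# The root itself plus every subdirectory and executable-type file beneath it.
$targets = @(Get-Item -LiteralPath $InstallRoot) +
           @(Get-ChildItem -LiteralPath $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer -or ($ExecutableExt -contains $_.Extension) })

$findings = foreach ($t in $targets) { Get-WeakAce -Path $t.FullName }

if (-not $findings) {
    "No broad-principal write ACEs found under $InstallRoot"
} else {
    $findings | Format-Table -AutoSize
}
```

A non-inherited finding on a service binary or its directory is the pattern to escalate; inherited findings usually point at a parent directory whose ACL should be tightened instead of the individual file. This audit confirms a permission problem exists on a given install; it does not by itself establish which paths the vendor's fix changes, so it complements the version check above rather than replacing it.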

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events in Windows security logs
  • Unusual process creation with elevated privileges
  • Changes to Automation Studio configuration files

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Windows Security Event ID 4672 (Special privileges assigned to new logon) from Automation Studio systems
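Event ID 4672 is raised for every logon that receives administrator-equivalent privileges and 4688 for every process start, so on a busy host a raw query returns mostly noise. The script below is an added example, not part of this advisory: it pulls both event types from the local Security log and keeps only entries whose subject account is not on an expected-administrator list, which is the "unexpected privilege escalation" and "unusual elevated process creation" signal the indicators above describe. The allow-list names are constructed placeholders; 4688 entries only appear if process-creation auditing is enabled on the host.

```powershell
# Added example (not from the advisory): triage the Security log for the log
# indicators listed above. Run from an elevated prompt. The expected-administrator
# list is a constructed placeholder; replace it with the accounts that legitimately
# administer the Automation Studio host.
param(
    [string[]]$ExpectedAdmins = @('PLANT\as-admin', 'PLANT\svc-backup'),
    [int]$Hours = 24
)

function Get-EventFields {
    # Flatten the EventData block of a Security event into a name -> value table.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    $xml = [xml]$Record.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

function Get-UnexpectedPrivilegeUse {
    # Return 4672/4688 records since $Since whose subject is not an expected admin.
    param([string[]]$Allowed, [datetime]$Since)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4672, 4688
        StartTime = $Since
    } -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        $f      = Get-EventFields -Record $e
        $user   = $f['SubjectUserName']
        $domain = $f['SubjectDomainName']

        # Skip accounts that legitimately hold special privileges on every host.
        if (-not $user -or $user.EndsWith('$')) { continue }            # machine accounts
        if ($user -in 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE') { continue }
        if ($domain -in 'Window Manager', 'Font Driver Host') { continue }

        # For 4688, only processes started with a full (elevated) token are interesting.
        if ($e.Id -eq 4688 -and $f['TokenElevationType'] -notin '%%1936', '%%1937') { continue }

        $subject = "$domain\$user"
        if ($Allowed -contains $subject) { continue }

        if ($e.Id -eq 4688) {
            $detail = $f['NewProcessName']
        } else {
            $detail = $f['PrivilegeList'] -replace '\s+', ' '
        }

        [pscustomobject]@{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Subject = $subject
            Detail  = $detail
        }
    }
}

Get-UnexpectedPrivilegeUse -Allowed $ExpectedAdmins -Since (Get-Date).AddHours(-$Hours) |
    Format-Table -AutoSize
```

The same filter translates directly into a SIEM rule: match on EventID 4672 or 4688, exclude machine and built-in service accounts, and alert when SubjectDomainName\SubjectUserName is outside the maintained administrator list for the Automation Studio hosts. A 4688 hit whose NewProcessName sits under the Automation Studio install directory but whose subject is a standard user is the specific combination that this vulnerability class would produce.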
