CVE-2024-8313
Published: 25 March 2025
Summary
CVE-2024-8313 is a high-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in Br Automation (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, it ranks at the 42.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54541
Vulnerability details
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Ongoing reviews detect and remove sensitive system information before it reaches publicly accessible systems.
- Employs detection to prevent sensitive system information gathered through unauthorized mining from being exfiltrated to external control spheres.
- Requires documented secure initialization practices and avoidance of insecure defaults in configuration baselines.
- Documenting where system information is processed and stored prevents exposure to unauthorized control spheres.
- Reviewing and updating the baseline when components are installed or upgraded prevents initialization with insecure defaults.
- Requiring explicit configuration to minimal functionality overrides insecure defaults that would otherwise enable excess capabilities.
- The control stops sensitive system information from crossing into unauthorized control spheres through EM emanations.
- Tailoring replaces or augments insecure default initializations with system-specific values and compensating controls before deployment.