
B&R Industrial Automation Automation Runtime vulnerabilities

7 known vulnerabilities affecting b_r_industrial_automation/automation_runtime.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2025-3450 | P2 | CRITICAL | CVSS 10.0 | ≥ 6.0, < 6.3 | ≥ 4.0, < Q4.93 | 2025-10-07
[CRITICAL] CWE-413: An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.
Source: NVD
CVE-2024-0323 | P3 | CRITICAL | CVSS 9.8 | ≥ 14.0, < 14.93 | 2024-02-05
[CRITICAL] CWE-1240: The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
Source: NVD
CVE-2024-8603 | P3 | HIGH | CVSS 7.5 | ≥ 6.0, < 6.1 | v4.0 | 2025-01-15
[HIGH] CWE-327: A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices.
Source: NVD
CVE-2024-5800 | P3 | HIGH | CVSS 7.5 | fixed in 6.0.0 | 2024-08-12
[HIGH] CWE-326: Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
Source: NVD
CVE-2024-2637 | P4 | HIGH | CVSS 7.2 | fixed in J4.93 | 2024-05-14
[HIGH] CWE-427: An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APRO
Source: NVD
CVE-2023-6028 | P4 | MEDIUM | CVSS 6.1 | ≥ 14.0, < 14.93 | 2024-02-05
[MEDIUM] CWE-79: A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.
Source: NVD
CVE-2024-5801 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0 | 2024-08-12
[MEDIUM] CWE-653: Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filtering.
Source: NVD