B&R Industrial Automation Automation Runtime vulnerabilities
7 known vulnerabilities affecting b_r_industrial_automation/automation_runtime.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2025-3450 | P2 | CRITICAL | CVSS 10.0 | ≥ 6.0, < 6.3 | ≥ 4.0, < Q4.93 | 2025-10-07 | CWE-413
An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.
nvd
CVE-2024-0323 | P3 | CRITICAL | CVSS 9.8 | ≥ 14.0, < 14.93 | 2024-02-05 | CWE-1240
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
nvd
CVE-2024-8603 | P3 | HIGH | CVSS 7.5 | ≥ 6.0, < 6.1 | v4.0 | 2025-01-15 | CWE-327
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices.
nvd
CVE-2024-5800 | P3 | HIGH | CVSS 7.5 | fixed in 6.0.0 | 2024-08-12 | CWE-326
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
nvd
CVE-2024-2637 | P4 | HIGH | CVSS 7.2 | fixed in J4.93 | 2024-05-14 | CWE-427
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APRO
nvd
CVE-2023-6028 | P4 | MEDIUM | CVSS 6.1 | ≥ 14.0, < 14.93 | 2024-02-05 | CWE-79
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.
nvd
CVE-2024-5801 | P4 | MEDIUM | CVSS 5.3 | fixed in 6.0 | 2024-08-12 | CWE-653
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filtering.
nvd