CVE-2024-5800
- EPSS 0.1%
- Published 12.08.2024 13:38:38
- Last modified 19.12.2025 14:51:31
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
CVE-2024-2637
- EPSS 0.04%
- Published 14.05.2024 19:15:10
- Last modified 24.04.2025 07:15:29
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cock...
CVE-2023-6028
- EPSS 0.15%
- Published 05.02.2024 18:15:51
- Last modified 21.11.2024 08:43:00
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacke...
CVE-2024-0323
- EPSS 0.12%
- Published 05.02.2024 16:15:54
- Last modified 21.11.2024 08:46:19
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between th...
CVE-2023-3242
- EPSS 0.29%
- Published 26.07.2023 18:15:11
- Last modified 21.11.2024 08:16:46
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions.
CVE-2022-4286
- EPSS 0.21%
- Published 14.02.2023 15:15:11
- Last modified 21.11.2024 07:34:56
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser sessio...
CVE-2021-22275
- EPSS 0.44%
- Published 13.05.2022 15:15:08
- Last modified 21.11.2024 05:49:49
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
CVE-2020-11637
- EPSS 0.29%
- Published 15.10.2020 16:15:11
- Last modified 21.11.2024 04:58:18
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
CVE-2019-19108
- EPSS 0.76%
- Published 20.04.2020 22:15:13
- Last modified 21.11.2024 04:34:12
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.