Lucene search

K

Automation Runtime Security Vulnerabilities

cve
cve

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

7.2CVSS

6.9AI Score

0.0004EPSS

2024-05-14 07:15 PM
36
cve
cve

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:15 PM
30
cve
cve

CVE-2024-1023

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge,.....

6.5CVSS

6.3AI Score

0.0004EPSS

2024-03-27 08:15 AM
152
cve
cve

CVE-2023-6028

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...

6.1CVSS

6AI Score

0.001EPSS

2024-02-05 06:15 PM
13
cve
cve

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

9.8CVSS

9.3AI Score

0.001EPSS

2024-02-05 04:15 PM
29
cve
cve

CVE-2023-40370

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: ...

5.3CVSS

5AI Score

0.0004EPSS

2023-08-22 10:15 PM
33
cve
cve

CVE-2023-3242

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...

8.6CVSS

5.7AI Score

0.0005EPSS

2023-07-26 06:15 PM
43
cve
cve

CVE-2022-4286

A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser...

6.1CVSS

5.9AI Score

0.001EPSS

2023-02-14 03:15 PM
24
cve
cve

CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software...

8.1CVSS

7.9AI Score

0.006EPSS

2022-07-04 02:15 AM
37
8
cve
cve

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

8.1CVSS

7.9AI Score

0.006EPSS

2022-07-04 02:15 AM
40
In Wild
10
cve
cve

CVE-2021-22275

Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of...

8.6CVSS

8.3AI Score

0.001EPSS

2022-05-13 03:15 PM
53
10
cve
cve

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then.....

5.9CVSS

6.5AI Score

0.004EPSS

2021-03-25 03:15 PM
624
82
cve
cve

CVE-2020-12510

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for.....

7.3CVSS

7.1AI Score

0.0004EPSS

2020-11-19 06:15 PM
21
cve
cve

CVE-2020-11637

A memory leak in the TFTP service in B&R Automation Runtime...

7.5CVSS

7.3AI Score

0.001EPSS

2020-10-15 04:15 PM
27
cve
cve

CVE-2020-7580

A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0...

6.7CVSS

6.7AI Score

0.0004EPSS

2020-06-10 05:15 PM
54
1
cve
cve

CVE-2019-19108

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via...

9.4CVSS

9.2AI Score

0.001EPSS

2020-04-20 10:15 PM
28
cve
cve

CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an...

8.6CVSS

8.8AI Score

0.004EPSS

2019-02-11 07:29 PM
488
In Wild
9