92 matches found
EUVD-2024-46949
Malicious code in bioql PyPI...
B&R Automation Runtime Improper Neutralization of Input During Web Page Generation (CVE-2023-6028)
A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user's browser session. This plugin only works...
B&R Automation Runtime Missing Release of Memory after Effective Lifetime (CVE-2020-11637)
A memory leak in the TFTP service in B&R Automation Runtime versions N4.26, N4.34, F4.45, E4.53, D4.63, A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service DoS condition. This plugin only works with Tenable.ot. Please visit...
B&R Automation Runtime Use of a Broken or Risky Cryptographic Algorithm (CVE-2024-8603)
B&R Automation Runtime and B&R mapp View generates self-signed certificates during the boot-up process if no certificates have been configured in the B&R Automation Studio project. These certificates are signed using an algorithm, which is no longer considered to be secure. This plugin only works...
CVE-2023-6028
A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
CVE-2022-4286
A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...
The vulnerability of the implementations of TLS and SSL protocols in the B&R Automation Runtime and B&R mapp View software for managing and controlling industrial processes allows a perpetrator to compromise the integrity of the protected information.
The vulnerability of the TLS and SSL protocol implementations in B&R Automation Runtime and B&R mapp View software for process control and management involves the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to compromis...
CVE-2024-8603
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices...
CVE-2024-8603
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices...
CVE-2024-8603
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices...
CVE-2024-8603
CVE-2024-8603 affects B&R Automation Runtime and B&R mapp View versions prior to 6.1, where the SSL/TLS component uses a broken or risky cryptographic algorithm. Unauthenticated network-based attackers may masquerade as services on impacted devices. Multiple sources (NVD/NCSA advisory references ...
B&R Automation Runtime 加密问题漏洞
B&R Automation Runtime is an automation runtime from B&R Automation. An encryption issue vulnerability exists in B&R Automation Runtime versions prior to 6.1 and B&R mapp View versions prior to 6.1, which stems from the use of corrupt or risky encryption algorithms...
PT-2025-3702 · B&R · B&R Automation Runtime +1
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.1 B&R mapp View versions prior to 6.1 Description: A "Use of a Broken or Risky Cryptographic Algorithm" issue in the SSL/TLS component may be exploited by unauthenticated network-based attackers to...
CVE-2024-5800
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...
CVE-2024-5801
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering...
CVE-2024-5801 IP Forwarding enabled in B&R Automation Runtime
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering...
CVE-2024-5801
CVE-2024-5801 affects B&R Automation Runtime; enabling IP Forwarding in versions before 6.0.2 may allow remote attackers to route IP packets through the host, potentially bypassing firewall/NAC filtering. Base score 5.3 (MEDIUM). Remediation: upgrade to 6.0.2 or later. Exploitation details are no...
CVE-2024-5801 IP Forwarding enabled in B&R Automation Runtime
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering...
CVE-2024-5800 Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication...
CVE-2024-5800
CVE-2024-5800 affects B&R Automation Runtime: Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack in versions before 6.0.2, enabling a network attacker to decrypt traffic. The vulnerability is tied to weak DH parameters in the TLS implementation, with impact limited to ...