92 matches found
CVE-2024-5800
CVE-2024-5800 affects B&R Automation Runtime: Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack in versions before 6.0.2, enabling a network attacker to decrypt traffic. The vulnerability is tied to weak DH parameters in the TLS implementation, with impact limited to ...
PT-2024-37164 · Br · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.0.2 Description: The issue concerns the use of Diffie-Hellman groups with insufficient strength in the SSL/TLS stack, allowing a network attacker to decrypt the SSL/TLS communication. Recommendations...
CVE-2024-2637
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...
CVE-2024-2637 Insecure Loading of Code in B&R Products
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...
CVE-2024-2637 Insecure Loading of Code in B&R Products
An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...
B&R Industrial Automation多款产品 代码问题漏洞
B&R Industrial Automation Scene Viewer and others are products of B&R Industrial Automation, an Austrian company.B&R Industrial Automation Scene Viewer is a visualization tool for visualizing and simulating scenarios in industrial automation systems.B&R Industrial Automation Runtime is a real-tim...
CVE-2023-6028
A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...
CVE-2023-6028
CVE-2023-6028 affects B&R Automation Runtime; a reflected XSS vulnerability exists in the SVG version of the System Diagnostics Manager. Affected products/versions: B&R Automation Runtime versions
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
Design/Logic Flaw
Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime SDM modules. The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws...
CVE-2024-0323
The CVE-2024-0323 entry affects the B&R Automation Runtime FTP server, where the FTP service supports insecure encryption mechanisms (SSLv3, TLS 1.0, TLS 1.1). Affected product: B&R Automation Runtime (FTP server). Documented impact: network-based attacker can perform man-in-the-middle attacks or...
The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management systems, related to initialization errors, allows a malicious actor to trigger a service failure.
The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management involves initialization errors. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending SYN requests...
PT-2023-4115 · B&R Industrial Automation · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to G4.93 Description: The issue is related to improper initialization implementation in the Portmapper service used in B&R Industrial Automation Automation Runtime. This allows unauthenticated network-bas...
CVE-2022-4286
A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...
Cross site scripting
A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...
CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime
A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...
CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime
A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...
CVE-2022-4286
Summary: CVE-2022-4286 affects B&R Automation Runtime’s System Diagnostics Manager, with vulnerable versions 3.00 through C4.93. A reflected XSS allows a remote attacker to execute arbitrary JavaScript in the victim’s browser session. The root cause is improper neutralization of input during web ...
CVE-2021-22275
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service...