Lucene search
K

92 matches found

CVE
CVE
added 2024/08/10 3:50 a.m.65 views

CVE-2024-5800

CVE-2024-5800 affects B&R Automation Runtime: Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack in versions before 6.0.2, enabling a network attacker to decrypt traffic. The vulnerability is tied to weak DH parameters in the TLS implementation, with impact limited to ...

8.3CVSS6.4AI score0.00252EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/10 12:0 a.m.10 views

PT-2024-37164 · Br · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.0.2 Description: The issue concerns the use of Diffie-Hellman groups with insufficient strength in the SSL/TLS stack, allowing a network attacker to decrypt the SSL/TLS communication. Recommendations...

8.3CVSS7.2AI score0.00252EPSS
Exploits0References3
NVD
NVD
added 2024/05/14 7:15 p.m.25 views

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...

7.2CVSS6.9AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/14 6:49 p.m.34 views

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...

7.2CVSS7.2AI score0.00168EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/14 6:49 p.m.25 views

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R...

7.2CVSS7AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

B&R Industrial Automation多款产品 代码问题漏洞

B&R Industrial Automation Scene Viewer and others are products of B&R Industrial Automation, an Austrian company.B&R Industrial Automation Scene Viewer is a visualization tool for visualizing and simulating scenarios in industrial automation systems.B&R Industrial Automation Runtime is a real-tim...

7.2CVSS7AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2024/02/05 6:15 p.m.5 views

CVE-2023-6028

A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

6.1CVSS6.1AI score0.00368EPSS
Exploits0References1
Prion
Prion
added 2024/02/05 6:15 p.m.29 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions = G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session...

5.8CVSS6.7AI score0.00368EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/05 5:33 p.m.53 views

CVE-2023-6028

CVE-2023-6028 affects B&R Automation Runtime; a reflected XSS vulnerability exists in the SVG version of the System Diagnostics Manager. Affected products/versions: B&R Automation Runtime versions

6.1CVSS6AI score0.00368EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 4:15 p.m.4 views

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...

9.8CVSS5.8AI score0.0023EPSS
Exploits0References1
Prion
Prion
added 2024/02/05 4:15 p.m.17 views

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime SDM modules. The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws...

7.5CVSS7.5AI score0.0023EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/05 4:5 p.m.71 views

CVE-2024-0323

The CVE-2024-0323 entry affects the B&R Automation Runtime FTP server, where the FTP service supports insecure encryption mechanisms (SSLv3, TLS 1.0, TLS 1.1). Affected product: B&R Automation Runtime (FTP server). Documented impact: network-based attacker can perform man-in-the-middle attacks or...

9.8CVSS9.3AI score0.0023EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/04 12:0 a.m.7 views

The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management systems, related to initialization errors, allows a malicious actor to trigger a service failure.

The vulnerability of the Portmapper service in B&R Automation Runtime software for process control and management involves initialization errors. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending SYN requests...

9CVSS6.2AI score0.00454EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.6 views

PT-2023-4115 · B&R Industrial Automation · B&R Automation Runtime

Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to G4.93 Description: The issue is related to improper initialization implementation in the Portmapper service used in B&R Industrial Automation Automation Runtime. This allows unauthenticated network-bas...

9CVSS7.2AI score0.00454EPSS
Exploits0References4
OSV
OSV
added 2023/02/14 3:15 p.m.4 views

CVE-2022-4286

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

6.1CVSS6AI score0.00564EPSS
Exploits1References1
Prion
Prion
added 2023/02/14 3:15 p.m.15 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

5.8CVSS5.9AI score0.00564EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/02/14 2:25 p.m.27 views

CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

6.1CVSS6.1AI score0.00564EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/14 2:25 p.m.8 views

CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

6.1CVSS6AI score0.00564EPSS
Exploits1References1
CVE
CVE
added 2023/02/14 2:25 p.m.64 views

CVE-2022-4286

Summary: CVE-2022-4286 affects B&R Automation Runtime’s System Diagnostics Manager, with vulnerable versions 3.00 through C4.93. A reflected XSS allows a remote attacker to execute arbitrary JavaScript in the victim’s browser session. The root cause is improper neutralization of input during web ...

6.1CVSS6AI score0.00564EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/05/13 3:15 p.m.1 views

CVE-2021-22275

Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service...

8.6CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder