16 matches found
CVE-2025-11044
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service D...
EUVD-2026-3214
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service...
PT-2026-3450
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.5; B&R Automation Runtime versions prior to R4.93. Description: An issue exists in the ANSL-Server component that involves allocation of resources without limits or throttling. An unauthenticated attacke...
B&R Automation Studio Trust Management Vulnerability
B&R Automation Studio is an integrated development environment provided by the Austrian company B&R. Versions of B&R Automation Studio prior to version 6.5 contained a trust management vulnerability. This vulnerability stemmed from improper verification of OPC-UA client and ANSL over TLS client...
CVE-2025-11498 CSV Formula Injection Vulnerability
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attack...
B&R Automation Runtime Security Vulnerability
B&R Automation Runtime is an automation runtime from B&R Automation. A security vulnerability exists in B&R Automation Runtime versions prior to 6.4 that stems from the SDM component's generation of predictable numbers or identifiers, which could lead to an unauthenticated cyber attacker taking...
PT-2025-3702 · B&R · B&R Automation Runtime +1
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to 6.1; B&R mapp View versions prior to 6.1. Description: A "Use of a Broken or Risky Cryptographic Algorithm" issue in the SSL/TLS component may be exploited by unauthenticated network-based attackers to...
B&R Automation Runtime Encryption Issue Vulnerability
B&R Automation Runtime is an automation runtime from B&R Automation. An encryption issue vulnerability exists in B&R Automation Runtime versions prior to 6.1 and B&R mapp View versions prior to 6.1, which stems from the use of corrupt or risky encryption algorithms...
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
CVE-2021-22282
Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12...
PT-2023-4115 · B&R Industrial Automation · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions prior to G4.93. Description: The issue is related to improper initialization implementation in the Portmapper service used in B&R Industrial Automation Automation Runtime. This allows unauthenticated network-bas...
CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session...
B&R Industrial Automation APROL Injection Vulnerability
B&R Automation APROL is a Linux-based process control system for industrial control applications from B&R Automation, Australia. An injection vulnerability exists in B&R Industrial Automation APROL versions prior to R4.2 V7.08, which can be exploited to inject and execute arbitrary...
B&R Automation APROL Authorization Issues Vulnerability
B&R Automation APROL is a Linux-based process control system for industrial control applications from Australian company B&R Automation. An authorization issue vulnerability exists in versions prior to B&R Industrial Automation APROL R4.2 V7.08, which can be exploited by an attacker to access...
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip...
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, 4.3.11SP, 4.4.9SP, 4.5.5SP, 4.6.4 and 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server...