Latest Br-automation Vulnerabilities

CVE-2023-6028
SDM Web interface vulnerable to XSS
Br-automation Automation Runtime<i4.93
CVE-2024-0323
FTP uses unsecure encryption mechanisms
Br-automation Automation Runtime<=i4.93
CVE-2021-22281
Zip Slip Vulnerability in B&R Automation Studio Project Import
Br-automation Automation Studio>=4.0<=4.12
CVE-2020-24682
Automation Studio and PVI Multiple unquoted service path vulnerabilities
Br-automation Automation Studio<4.7.7.74
Br-automation Automation Studio>=4.8<4.8.6.30
Br-automation Automation Studio>=4.9<4.9.4.92
Microsoft Windows
Br-automation Automation Net\/pvi>=4.0<4.7.7
Br-automation Automation Net\/pvi>=4.8<4.8.6
and 2 more
CVE-2020-24681
Automation Studio and PVI Multiple incorrect permission assignments for services
Br-automation Automation Studio>=4.0<4.7.7.74
Br-automation Automation Studio>=4.8<4.8.6.30
Br-automation Automation Studio>=4.9<4.9.4.92
Microsoft Windows
CVE-2021-22282
RCE in B&R Automation Studio with crafted project files
Br-automation Automation Studio>=4.0<=4.12
CVE-2023-3242
Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue a...
Br-automation Automation Runtime<g4.93
CVE-2023-1617
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication me...
Br-automation Vc4<3.96.8
Br-automation Vc4>=4.0.0<=4.06.4
Br-automation Vc4>=4.10.0<=4.16.3
Br-automation Vc4>=4.20.0<=4.26.8
Br-automation Vc4>=4.30.0<4.34.7
Br-automation Vc4>=4.40.0<=4.45.1
and 2 more
CVE-2022-4286
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary Java...
Br-automation Automation Runtime>=3.00<=c4.93
CVE-2022-43765
Br-automation Industrial Automation Aprol<r4.2-07
CVE-2022-43762
Br-automation Industrial Automation Aprol<r4.2-07
CVE-2022-43763
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
Br-automation Industrial Automation Aprol<r4.2-07
CVE-2022-43761
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
Br-automation Industrial Automation Aprol<r4.2-07
CVE-2021-22289
Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.
Br-automation Studio>=4.0
CVE-2019-19873
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than C...
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19876
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19878
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability t...
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19874
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, ...
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19875
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus ...
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19877
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against ...
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19869
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.
Br-automation Industrial Automation Aprol<r4.2
CVE-2019-19872
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a di...
Br-automation Industrial Automation Aprol<r4.2
CVE-2020-11637
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a den...
Br-automation Automation Runtime<=4.10
Br-automation Automation Runtime>=4.20<n4.26
Br-automation Automation Runtime>=4.40<f4.45
Br-automation Automation Runtime>=4.50<e4.53
Br-automation Automation Runtime>=4.60<d4.63
Br-automation Automation Runtime>=4.70<a4.73
and 1 more
CVE-2020-11644
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log...
Br-automation Gatemanager 9250 Firmware<9.0.20262
Br-automation Gatemanager 9250
Br-automation Gatemanager 4260 Firmware<9.0.20262
Br-automation Gatemanager 4260
Br-automation Gatemanager 8250 Firmware<9.2.620236042
Br-automation Gatemanager 8250
CVE-2020-11641
Br-automation Sitemanager<9.2.620236042
CVE-2020-11643
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belo...
Br-automation Gatemanager 9250 Firmware<9.0.20262
Br-automation Gatemanager 9250
Br-automation Gatemanager 4260 Firmware<9.0.20262
Br-automation Gatemanager 4260
Br-automation Gatemanager 8250 Firmware<9.2.620236042
Br-automation Gatemanager 8250
CVE-2020-11642
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.
Br-automation Sitemanager<9.2.620236042
CVE-2019-19101
A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and <...
Br-automation Automation Studio>=4.0<=4.0.29.87
Br-automation Automation Studio>=4.1<=4.1.17.113
Br-automation Automation Studio>=4.2<=4.2.14.119
Br-automation Automation Studio>=4.3<4.3.11
Br-automation Automation Studio>=4.4<4.4.9
Br-automation Automation Studio>=4.5<4.5.5
and 2 more
CVE-2019-19100
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated...
Br-automation Automation Studio>=4.0<=4.0.29.87
Br-automation Automation Studio>=4.1<=4.1.17.113
Br-automation Automation Studio>=4.2<=4.2.14.119
Br-automation Automation Studio>=4.3<4.3.11
Br-automation Automation Studio>=4.4<4.4.9
Br-automation Automation Studio>=4.5<4.5.4
and 3 more
CVE-2019-19102
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directorie...
Br-automation Automation Studio>=4.0<=4.0.32.15
Br-automation Automation Studio>=4.1<=4.1.17.113
Br-automation Automation Studio>=4.2<=4.2.14.119
CVE-2019-19108
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration ...
Br-automation Automation Runtime>=3.08<=3.10
Br-automation Automation Runtime>=4.00<=4.03
Br-automation Automation Runtime>=4.04<=4.63
Br-automation Automation Runtime=2.96
Br-automation Automation Runtime=3.00
Br-automation Automation Runtime=3.01
and 10 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203