VYPR

Automation Runtime

by B&R Industrial Automation

CVEs (16)

  • CVE-2025-3450 | Critical | Oct 7, 2025
    risk 0.65 | cvss 10.0 | epss 0.00

    An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

  • CVE-2024-8603 | High | Jan 15, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted…

  • CVE-2024-2637 | High | May 14, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial…

  • CVE-2025-11044 | Medium | Jan 19, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent…

  • CVE-2025-11498 | Medium | Oct 14, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability…

  • CVE-2025-3448 | Medium | Oct 7, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enable a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.

  • CVE-2024-5801 | Medium | Aug 12, 2024
    risk 0.34 | cvss - | epss 0.00

    Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attackers to compromise network security by routing IP-based packets through the host, potentially bypassing firewall, router, or NAC filtering.

  • CVE-2025-3449 | Medium | Oct 7, 2025
    risk 0.27 | cvss 4.2 | epss 0.00

    A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions.

  • CVE-2024-5800 | Aug 10, 2024
    risk 0.00 | cvss - | epss 0.00

    Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.

  • CVE-2023-6028 | Feb 5, 2024
    risk 0.00 | cvss - | epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. …

  • CVE-2024-0323 | Feb 5, 2024
    risk 0.00 | cvss - | epss 0.00

    The FTP server used on the B&R Automation Runtime supports insecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.

  • CVE-2023-3242 | Jul 26, 2023
    risk 0.00 | cvss - | epss 0.00

    Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions.

  • CVE-2022-4286 | Feb 14, 2023
    risk 0.00 | cvss - | epss 0.01

    A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the user's browser session.

  • CVE-2021-22275 | May 13, 2022
    risk 0.00 | cvss - | epss 0.01

    Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.

  • CVE-2020-11637 | Oct 15, 2020
    risk 0.00 | cvss - | epss 0.01

    A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

  • CVE-2019-19108 | Apr 20, 2020
    risk 0.00 | cvss - | epss 0.02

    An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.