System Diagnostics Manager (SDM)
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11498 | Med | 0.40 | 6.1 | 0.00 | Oct 14, 2025 | An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability… | ||
| CVE-2025-3448 | Med | 0.40 | 6.1 | 0.00 | Oct 7, 2025 | Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session | ||
| CVE-2023-6028 | Med | 0.40 | 6.1 | 0.00 | Feb 5, 2024 | A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. … | ||
| CVE-2022-4286 | Med | 0.40 | 6.1 | 0.01 | Feb 14, 2023 | A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. |
- risk 0.40cvss 6.1epss 0.00
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability…
- risk 0.40cvss 6.1epss 0.00
Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session
- risk 0.40cvss 6.1epss 0.00
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. …
- risk 0.40cvss 6.1epss 0.01
A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session.