VYPR
Vendor: B&R Industrial Automation

Products: 17
CVEs: 88
Across products: 99
Status: Private

Recent CVEs

  • CVE-2025-3450 | Critical | Oct 7, 2025
    risk 0.65 | cvss 10.0 | epss 0.00

    An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

  • CVE-2024-45480 | Critical | Mar 25, 2025
    risk 0.60 | cvss (not listed) | epss 0.00

    An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system.

  • CVE-2024-8313 | High | Mar 25, 2025
    risk 0.57 | cvss (not listed) | epss 0.00

    An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration…

  • CVE-2024-10210 | High | Mar 25, 2025
    risk 0.55 | cvss (not listed) | epss 0.00

    An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.

  • CVE-2024-45482 | High | Mar 25, 2025
    risk 0.55 | cvss (not listed) | epss 0.00

    An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands.

  • CVE-2024-45481 | High | Mar 25, 2025
    risk 0.55 | cvss (not listed) | epss 0.00

    An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user.

  • CVE-2024-10209 | High | Mar 25, 2025
    risk 0.55 | cvss (not listed) | epss 0.00

    An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user.

  • CVE-2024-10490 | High | Dec 2, 2024
    risk 0.55 | cvss (not listed) | epss 0.00

    An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be…

  • CVE-2024-8603 | High | Jan 15, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted…

  • CVE-2025-11043 | High | Jan 19, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

  • CVE-2024-45484 | High | Mar 25, 2025
    risk 0.47 | cvss (not listed) | epss 0.00

    An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to perform Denial-of-Service (DoS) attacks against the product.

  • CVE-2024-2637 | High | May 14, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial…

  • CVE-2024-45483 | High | Mar 25, 2025
    risk 0.46 | cvss (not listed) | epss 0.00

    A Missing Authentication for Critical Function vulnerability in the GRUB configuration used in B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system.

  • CVE-2024-10206 | Medium | Mar 25, 2025
    risk 0.45 | cvss (not listed) | epss 0.00

    A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.

  • CVE-2025-11044 | Medium | Jan 19, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent…

  • CVE-2024-8315 | Medium | Mar 25, 2025
    risk 0.44 | cvss (not listed) | epss 0.00

    An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.

  • CVE-2025-11498 | Medium | Oct 14, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability…

  • CVE-2025-3448 | Medium | Oct 7, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enable a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.

  • CVE-2024-8314 | Medium | Mar 25, 2025
    risk 0.36 | cvss (not listed) | epss 0.00

    An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Session vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login…

  • CVE-2024-10207 | Medium | Mar 25, 2025
    risk 0.34 | cvss (not listed) | epss 0.00

    A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs.