GCVE - cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Br Automation (`9a6d54fa-e6bc-5bbc-b950-3afd1660c473`)
Product	Automation Runtime (`87eaa662-1f61-5b24-ac73-a91422ce4f4b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-5800`	vulnerable	2026-06-03 14:57:54.255237	Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication. Published: 2024-08-10T03:50:02.159Z Updated: 2024-08-12T14:32:22.309Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/SA24P011-d8aaf02f.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-2637`	vulnerable	2026-06-03 14:55:29.771446	Insecure Loading of Code in B&R Products HIGH (7.2) An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0. Published: 2024-05-14T18:49:28.624Z Updated: 2025-04-24T06:52:46.092Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/SA24P005_Insecure_Loading_of_Code-c7d9e49c.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-0323`	vulnerable	2026-06-03 14:54:02.141466	FTP uses unsecure encryption mechanisms CRITICAL (9.8) The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. Published: 2024-02-05T16:05:47.612Z Updated: 2024-09-06T07:21:29.270Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6028`	vulnerable	2026-06-03 14:53:50.192989	SDM Web interface vulnerable to XSS MEDIUM (6.1) A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. Published: 2024-02-05T17:33:34.785Z Updated: 2024-08-02T08:21:17.060Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3242`	vulnerable	2026-06-03 14:52:40.249957	Details available HIGH (8.6) Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions. Published: 2023-07-26T17:36:18.417Z Updated: 2024-10-23T15:31:51.096Z Open on db.gcve.eu Reference links https://www.br-automation.com/downloads_br_productcatalogue/assets/1689787619746-en-original-1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4286`	vulnerable	2026-06-03 14:48:35.414600	Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime MEDIUM (6.1) A reflected cross-site scripting (XSS) vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions >=3.00 and <=C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session. Published: 2023-02-14T14:25:37.538Z Updated: 2025-03-20T14:07:56.101Z Open on db.gcve.eu Reference links https://www.br-automation.com/downloads_br_productcatalogue/assets/1675607299099-en-original-1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22275`	vulnerable	2026-06-03 14:43:52.407571	Denial of service vulnerability on Automation Runtime webserver HIGH (8.6) Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service. Published: 2022-05-13T14:23:20.000Z Updated: 2024-08-03T18:37:18.446Z Open on db.gcve.eu Reference links https://www.br-automation.com/downloads_br_productcatalogue/assets/1625405588264-en-original-1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11637`	vulnerable	2026-06-03 14:41:26.407909	Automation Runtime TFTP Service DoS Vulnerability MEDIUM (5.8) A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. Published: 2020-10-15T15:08:14.438Z Updated: 2024-09-16T16:33:01.394Z Open on db.gcve.eu Reference links https://www.br-automation.com/downloads_br_productcatalogue/assets/1595163815396-de-original-1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-19108`	vulnerable	2026-06-03 14:40:03.890808	B&R Automation Runtime SNMP Authentication and Authorization Weakness CRITICAL (9.4) An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. Published: 2020-04-20T21:48:29.000Z Updated: 2024-08-05T02:09:39.340Z Open on db.gcve.eu Reference links https://www.br-automation.com/en/downloads/012020-automation-runtime-snmp-authentication-weakness/ https://www.us-cert.gov/ics/advisories/icsa-20-051-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.