GCVE - cpe:2.3:a:b&r_industrial_automation:automation

Approved changes feed: RSS · Atom

cpe:2.3:a:b&r_industrial_automation:automation_studio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	B&R Industrial Automation (`96528465-c3bc-5a8a-9f58-0063fc26b089`)
Product	Automation Studio (`7c022a1f-91c8-529a-8ecc-4bb0ea79c389`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-0220`	vulnerable	2026-06-03 14:54:01.916857	B&R products use insufficient communication encryption HIGH (8.3) B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Published: 2024-02-22T10:15:44.750Z Updated: 2024-09-19T17:24:51.723Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22289`	vulnerable	2026-06-03 14:43:52.530418	RCE through Project Upload from Target HIGH (8.3) Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code. Published: 2022-08-11T14:56:02.000Z Updated: 2024-08-03T18:37:18.480Z Open on db.gcve.eu Reference links https://www.br-automation.com/downloads_br_productcatalogue/assets/1640529306294-en-original-1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22282`	vulnerable	2026-06-03 14:43:52.453451	RCE in B&R Automation Studio with crafted project files HIGH (8.3) Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. Published: 2024-02-02T06:38:32.358Z Updated: 2025-06-17T21:29:23.035Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/2021-12_RCE_Vulnerability_in_BnR_Automation_Studio-1b993aeb.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22281`	vulnerable	2026-06-03 14:43:52.453001	Zip Slip Vulnerability in B&R Automation Studio Project Import MEDIUM (6.3) : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. Published: 2024-02-02T07:24:29.599Z Updated: 2024-08-21T17:32:38.731Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/2021-11_ZipSlip_Vulnerability_in_Automation_Studio_Project_Import-b90d2f42.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22280`	vulnerable	2026-06-03 14:43:52.452552	DLL Hijacking Vulnerability in Automation Studio HIGH (7.2) Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. Published: 2024-05-14T19:36:51.930Z Updated: 2024-08-03T18:37:18.537Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/2021-10_DLL_Hijacking_Vulnerability_in_Automation_Studio-7dd34511.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24682`	vulnerable	2026-06-03 14:42:07.988340	Automation Studio and PVI Multiple unquoted service path vulnerabilities HIGH (7.2) Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. Published: 2024-02-02T07:11:44.086Z Updated: 2025-06-17T21:29:22.845Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24681`	vulnerable	2026-06-03 14:42:07.985977	Automation Studio and PVI Multiple incorrect permission assignments for services HIGH (8.2) Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. Published: 2024-02-02T06:58:24.173Z Updated: 2025-05-09T17:52:17.145Z Open on db.gcve.eu Reference links https://www.br-automation.com/fileadmin/2021-14-BR-AS-NET-PVI-Service-Issues-c3710fbf.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Automation Studio

PURL mappings

Vulnerability references

Contribute