Automation Runtime
Approved changes feed: RSS · Atom
cpe:2.3:a:b&r_industrial_automation_gmbh:automation_runtime:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | B&R Industrial Automation Gmbh (cb18dcfa-747d-5b1b-a436-a5246bce6ee1) |
|---|---|
| Product | Automation Runtime (0f06d008-f122-5a08-ae70-670a905f7d4d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-3449 |
vulnerable | 2026-06-08 07:23:08.870247 |
Weak Session Token used in Automation Runtime SDM
MEDIUM (4.2)
A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions.
Published: 2025-10-07T18:21:32.231Z
Updated: 2025-10-08T13:15:41.649Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3448 |
vulnerable | 2026-06-08 07:23:08.869746 |
XSS on SDM
MEDIUM (6.1)
Reflected cross-site scripting (XSS) vulnerabilities exist in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session
Published: 2025-10-07T18:21:12.633Z
Updated: 2025-10-08T13:11:13.217Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11498 |
vulnerable | 2026-06-08 07:04:28.261646 |
CSV Formula Injection Vulnerability
MEDIUM (6.1)
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker to create a malicious link. The user would need to click on this link, after which the resulting CSV file addi-tionally needs to be manually opened.
Published: 2025-10-14T12:42:59.143Z
Updated: 2025-10-14T15:31:36.665Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11044 |
vulnerable | 2026-06-08 07:02:27.973532 |
Vulnerability on Automation Runtime my cause DoS Conditions
MEDIUM (6.8)
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.
Published: 2026-01-19T15:57:15.188Z
Updated: 2026-01-20T20:06:35.541Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.