Filtered by vendor Br-automation
Subscriptions
Total
39 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0220 | 1 Br-automation | 1 Automation Studio | 2024-09-19 | 8.3 High |
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | ||||
CVE-2020-11641 | 1 Br-automation | 1 Sitemanager | 2024-09-17 | 7.7 High |
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | ||||
CVE-2020-11646 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-09-17 | 4.3 Medium |
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | ||||
CVE-2020-11643 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-09-17 | 6.5 Medium |
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains. | ||||
CVE-2020-11645 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-09-17 | 6.5 Medium |
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | ||||
CVE-2020-11642 | 1 Br-automation | 1 Sitemanager | 2024-09-17 | 7.7 High |
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | ||||
CVE-2020-11644 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-09-16 | 6.5 Medium |
The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | ||||
CVE-2020-11637 | 1 Br-automation | 1 Automation Runtime | 2024-09-16 | 5.8 Medium |
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. | ||||
CVE-2024-5624 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | 6.1 Medium |
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session | ||||
CVE-2024-5622 | 2 B And R Industrial Automotion, Br-automation | 2 B And R Aprol, Industrial Automation Aprol | 2024-09-13 | 7.8 High |
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. | ||||
CVE-2024-5623 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-09-13 | 7.8 High |
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. | ||||
CVE-2024-0323 | 1 Br-automation | 1 Automation Runtime | 2024-09-06 | 9.8 Critical |
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. | ||||
CVE-2021-22281 | 1 Br-automation | 1 Automation Studio | 2024-08-21 | 6.3 Medium |
: Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. | ||||
CVE-2019-19877 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 5.3 Medium |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. | ||||
CVE-2019-19875 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 9.8 Critical |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. | ||||
CVE-2019-19876 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 9.8 Critical |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | ||||
CVE-2019-19878 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 7.5 High |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. | ||||
CVE-2019-19872 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 9.8 Critical |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364. | ||||
CVE-2019-19869 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 7.5 High |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | ||||
CVE-2019-19874 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-08-05 | 9.8 Critical |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. |