Br-Automation: >> Automation Runtime >> g4.93 Security Vulnerabilities
A reflected
cross-site scripting (XSS) vulnerability exists in the SVG version of System
Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that
enables a remote attacker to execute arbitrary JavaScript code in the context
of the attacked user’s browser session.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-05
The FTP server used on the B&R
Automation Runtime supports unsecure encryption mechanisms, such as SSLv3,
TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct
man-in-the-middle attacks or to decrypt communications between the affected product
clients.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-05
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
CVSS Score
5.8
EPSS Score
0.003
Published
2020-10-15