Br-Automation: >> Automation Runtime >> i4.93 Security Vulnerabilities
The FTP server used on the B&R
Automation Runtime supports unsecure encryption mechanisms, such as SSLv3,
TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct
man-in-the-middle attacks or to decrypt communications between the affected product
clients.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-05
A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.
CVSS Score
5.8
EPSS Score
0.003
Published
2020-10-15