B&R Industrial Automation — Vulnerabilities & Security Advisories (29)

Browse all 29 CVE security advisories affecting B&R Industrial Automation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

B&R Industrial Automation specializes in industrial automation technology, providing hardware and software solutions for machine building and factory automation. The company’s product portfolio, which includes programmable logic controllers and drive systems, has been associated with 29 recorded Common Vulnerabilities and Exposures (CVEs). Historically, these security flaws predominantly involve remote code execution and buffer overflow vulnerabilities, often stemming from insufficient input validation in network-facing services. While specific high-profile breaches are not widely publicized, the concentration of critical severity ratings indicates systemic weaknesses in legacy protocol implementations and default configuration settings. These issues pose significant risks to operational technology environments, potentially allowing unauthorized control over industrial processes. The profile suggests a need for rigorous patch management and network segmentation to mitigate the impact of these persistent software defects within critical infrastructure deployments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-3450 | Automation Runtime SDM requests may impact system | Automation Runtime | CWE-413 | 10.0 | Critical | 2025-10-07 |
| CVE-2024-45482 | Privilege escalation in B&R APROL | B&R APROL | CWE-829 | 7.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2024-45481 | Improper authentication in SSH of B&R APROL | B&R APROL | CWE-791 | 7.8 (AI) | High (AI) | 2025-03-25 |
| CVE-2024-45480 | Unauthorized local file reading in B&R APROL | B&R APROL | CWE-94 | 9.1 (AI) | Critical (AI) | 2025-03-25 |
| CVE-2024-8315 | Improper Handling of Insufficient Permissions or Privileges in B&R APROL | B&R APROL | CWE-280 | 5.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2024-8603 | B&R Automation Runtime cryptographic issue vulnerability | Automation Runtime | CWE-327 | 7.5 | High | 2025-01-15 |
| CVE-2024-5624 | Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL | B&R APROL | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-29 |
| CVE-2024-5623 | Untrusted search path vulnerability in B&R APROL | B&R APROL | CWE-250 | 7.3 (AI) | High (AI) | 2024-08-29 |
| CVE-2024-5622 | Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL | B&R APROL | CWE-250 | 7.8 (AI) | High (AI) | 2024-08-29 |
| CVE-2024-5801 | IP Forwarding enabled in B&R Automation Runtime | Automation Runtime | CWE-1188 | 7.5 (AI) | High (AI) | 2024-08-10 |
| CVE-2024-5800 | Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime | Automation Runtime | CWE-326 | 7.5 (AI) | High (AI) | 2024-08-10 |
| CVE-2021-22280 | DLL Hijacking Vulnerability in Automation Studio | Automation Studio | | 7.2 | High | 2024-05-14 |
| CVE-2024-2637 | Insecure Loading of Code in B&R Products | Scene Viewer | CWE-427 | 7.2 | High | 2024-05-14 |
| CVE-2024-0220 | B&R products use insufficient communication encryption | Automation Studio | CWE-1240 | 8.3 | High | 2024-02-22 |
| CVE-2023-6028 | SDM Web interface vulnerable to XSS | Automation Runtime | CWE-79 | 6.1 | Medium | 2024-02-05 |
| CVE-2024-0323 | FTP uses unsecure encryption mechanisms | Automation Runtime | CWE-1240 | 9.8 | Critical | 2024-02-05 |
| CVE-2021-22281 | Zip Slip Vulnerability in B&R Automation Studio Project Import | Automation Studio | CWE-23 | 6.3 | Medium | 2024-02-02 |
| CVE-2020-24682 | Automation Studio and PVI Multiple unquoted service path vulnerabilities | Automation Studio | CWE-428 | 7.2 | High | 2024-02-02 |
| CVE-2020-24681 | Automation Studio and PVI Multiple incorrect permission assignments for services | Automation Studio | CWE-732 | 8.2 | High | 2024-02-02 |
| CVE-2021-22282 | RCE in B&R Automation Studio with crafted project files | Automation Studio | CWE-94 | 8.3 | High | 2024-02-02 |
| CVE-2023-3242 | B&R Industrial Automation GmbH Runtime security vulnerability | B&R Automation Runtime | CWE-770 | 8.6 | High | 2023-07-26 |
| CVE-2023-1617 | Improper Authentication Mechanism in B&R VC4 Visualization | B&R VC4 | CWE-287 | 9.8 | Critical | 2023-04-14 |
| CVE-2022-4286 | Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime | B&R Automation Runtime | CWE-79 | 6.1 | Medium | 2023-02-14 |
| CVE-2022-43765 | DoS in APROLs Tbase server | B&R APROL | CWE-252 | 7.5 | High | 2023-02-08 |
| CVE-2022-43764 | Buffer overflow when changing configuration on Tbase Server | B&R APROL | CWE-121 | 9.8 | Critical | 2023-02-08 |
| CVE-2022-43763 | Lack of checking preconditions in APROL | B&R APROL | CWE-252 | 7.5 | High | 2023-02-08 |
| CVE-2022-43762 | Memory leak when receiving messages in APROL Tbase server | B&R APROL | CWE-119 | 7.5 | High | 2023-02-08 |
| CVE-2022-43761 | Lack of authentication when managing APROL database | B&R APROL | CWE-306 | 9.4 | Critical | 2023-02-08 |
| CVE-2021-22289 | RCE through Project Upload from Target | Automation Studio | CWE-20 | 8.3 | High | 2022-08-11 |

This page lists every published CVE security advisory associated with B&R Industrial Automation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.