Login

Cyber Security Advisories und Notices

2025

Freigabe	Beschreibung	Dokumentversion
07.10.2025 (Update 14.10.2025)	Advisory SA25P003: Vulnerabilities in System Diagnostic Manager (SDM) (CSAF)	2.0
07.10.2025	Advisory SA25P002: DoS Vulnerability in System Diagnostics Manager (SDM) (CSAF)	1.0
24.03.2025	Advisory SA24P015: B&R APROL Potential Privilege Escalation and Information Disclosure (CSAF)	1.0
15.01.2025 (Update 16.01.2025)	Advisory SA25P001: Use of insecure algorithm for self-signed certificates in AR and mapp View (CSAF)	1.1

2024

Freigabe	Beschreibung	Dokumentversion
27.11.2024	Advisory SA22P014: Authentication bypass flaw in several mapp components	1.0
27.08.2024 (Update 28.08.2024)	Advisory SA24P014: Multiple vulnerabilities in B&R APROL	1.1
09.08.2024 (Update 30.08.2024)	Advisory SA24P011: Several vulnerabilities in B&R Automation Runtime	1.1
14.05.2024 (Update 06.06.2025)	Advisory SA24P005: Insecure Loading of Code in B&R Products (CSAF)	1.3
12.04.2024	Advisory SA24P002: Impact of LogoFail vulnerability on B&R Industrial PCs and HMI products	1.1
10.04.2024	Advisory SA24P006: B&R APROL - Several vulnerabilities in the Docker Engine	1.1
22.02.2024	Advisory SA23P019: B&R Automation Studio & B&R Technology Guarding - B&R products use insufficient communication encryption	1.0
14.02.2024	Advisory SA24P004: B&R APROL - SSH Service vulnerable to Terrapin Attack	1.0
05.02.2024 (Update 06.02.2024)	Advisory SA23P018: B&R Automation Runtime - SDM Web interface vulnerable to XSS	1.1
05.02.2024	Advisory SA23P004: B&R Automation Runtime - FTP uses unsecure encryption mechanism	1.0

2023

Freigabe	Beschreibung	Dokumentversion
26.07.2023	Advisory SA23P013: B&R Automation Runtime - SYN Flooding Vulnerability in Portmapper	1.0
31.05.2023 (Update 09.08.2023)	Advisory SA23P011: B&R APROL - Abuse SLP based traffic for amplification attack	1.1
14.04.2023	Advisory SA23P002: Several Issues in B&R VC4 Visualization	1.0
27.02.2023 (Update 06.03.2024)	Advisory SA22P011: Vulnerable TigerVNC Version used in B&R Products	1.1
15.02.2023 (Update 17.04.2023)	Advisory SA22P001: Impact of Insyde UEFI Boot Issues on B&R Products	1.2
14.02.2023	Advisory SA22P024: Reflected Cross-Site Scripting Vulnerabitities in SDM	1.0
30.01.2023 (Update 03.02.2023)	Advisory SA22P016: Several Issues in APROL Database	1.1

2022

Nummer	Beschreibung	Dokumentversion
04/2022 (Update 08.02.2023)	Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products	1.2
03/2022	Notice: INCONTROLLER	1.0
02/2022 (Update 24.06.2024)	Advisory: A flaw in Chainsaw component of Log4j can lead to code execution	1.1
01/2022	Advisory: RCE through Project Upload from Target ("Evil PLC Attack")	1.2

2021

Nummer	Beschreibung	Dokumentversion
15/2021	Notice: Log4Shell - Impact on B&R Products	1.1
14/2021	Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services	1.0
13/2021	Advisory: Number:Jack in B&R Products	1.0
12/2021	Advisory: RCE Vulnerability in Automation Studio	1.0
11/2021	Advisory: ZipSlip Vulnerability in Automation Studio Project Import	1.0
10/2021 (Updated 14.05.2024)	Advisory: DLL Hijacking Vulnerability in Automation Studio	1.1
09/2021	Notice: INFRA:HALT - Impact on B&R Products	1.0
08/2021	Advisory: Denial of service vulnerability on Automation Runtime webserver	1.0
07/2021	Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device	1.0
06/2021	Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adpater	1.0
05/2021	Advisory: Multiple Vulnerabilities in AR NTP Service	1.0
04/2021	Advisory: Amnesia33- Impact on B&R Products	1.1
03/2021	Advisory: NAME:WRECK Impact on Automation Runtime and ARwin	1.1
02/2021	Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets	1.0
01/2021	Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities	1.1

2020

Nummer	Beschreibung	Version
01/2020	Advisory: Automation Runtime SNMP Authentication and Authorization Weakness	1.0
02/2020	Advisory: TPM-Fail	1.1
03/2020	Advisory: Multiple Vulnerabilities in Automation Studio	1.1
04/2020	Advisory: Automation Runtime TFTP Service DoS Vulnerability	1.1
05/2020	Notice: Ripple20 – Impact on B&R Products	1.0
06/2020	Advisory: Multiple Vulnerabilities in SiteManager and GateManage	1.0
07/2020	Advisory: Multiple Vulnerabilities in GateManager	1.0

2019

Nummer	Beschreibung	Dokumentversion
2019_02	VxWorks RPC Buffer Overflow Vulnerability CVE-2019-9865	1.0
2019_01	VxWorks IPnet Vulnerabilities	1.1