Login

Cyber Security Advisories and Notices

2025

Release	Description	Document version
2025-10-07 (Update 2025-10-14)	Advisory SA2025P003: Vulnerabilities in System Diagnostic Manager (SDM) (CSAF)	2.0
2025-10-07	Advisory SA25P002: DoS Vulnerability in System Diagnostics Manager (SDM) (CSAF)	1.0
2025-03-24	Advisory SA24P015: B&R APROL Potential Privilege Escalation and Information Disclosure (CSAF)	1.0
2025-01-15 (Update 2025-01-16)	Advisory SA25P001: Use of insecure algorithm for self-signed certificates in AR and mappView (CSAF)	1.1

2024

Release	Description	Document version
2024-11-27	Advisory SA22P014: Authentication bypass flaw in several mapp components	1.0
2024-08-27 (Update 2024-08-28)	Advisory SA24P014: Multiple vulnerabilities in B&R APROL	1.1
2024-08-09 (Update 2024-08-30)	Advisory SA24P011: Several vulnerabilities in B&R Automation Runtime	1.1
2024-05-14 (Update 2025-06-06)	Advisory SA24P005: Insecure Loading of Code in B&R Products (CSAF)	1.3
2024-04-12	Advisory SA24P002: Impact of LogoFail vulnerability on B&R Industrial PCs and HMI products	1.1
2024-04-10	Advisory SA24P006: B&R APROL - Several vulnerabilities in the Docker Engine	1.1
2024-02-22	Advisory SA23P019: B&R Automation Studio & B&R Technology Guarding - B&R products use insufficient communication encryption	1.0
2024-02-14	Advisory SA24P004: SSH Service vulnerable to Terrapin attack	1.0
2024-02-05 (Update 2024-02-06)	Advisory SA23P018: B&R Automation Runtime - SDM Web interface vulnerable to XSS	1.1
2024-02-05	Advisory SA23P004: B&R Automation Runtime - FTP uses unsecure encryption mechanisms	1.0

2023

Release	Description	Document version
2023-07-26	Advisory SA23P013: B&R Automation Runtime - SYN Flooding Vulnerability in Portmapper	1.0
2023-05-31 (Update 2023-08-09)	Advisory SA23P011: B&R APROL - Abuse SLP based traffic for amplification attack	1.1
2023-04-14	Advisory SA23P002: Several Issues in B&R VC4 Visualization	1.0
2023-02-27 (Update 2024-03-06)	Advisory SA22P011: Vulnerable TigerVNC Version used in B&R Products	1.1
2023-02-15 (Update 2023-04-17)	Advisory SA22P001: Impact of Insyde UEFI Boot Issues on B&R Products	1.2
2023-02-14	Advisory SA22P024: Reflected Cross-Site Scripting Vulnerabilities in SDM	1.0
2023-01-30 (Update 2023-02-03)	Advisory SA22P016: Several Issues in APROL Database	1.1

2022

Number	Description	Document version
04/2022 (Update 2023-02-08)	Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products	1.2
03/2022	Notice: INCONTROLLER	1.0
02/2022 (Update 2024-06-24)	Advisory: A flaw in Chainsaw component of Log4j can lead to code execution	1.1
01/2022	Advisory: RCE through Project Upload from Target ("Evil PLC Attack")	1.2

2021

Number	Description	Document version
15/2021	Notice: Log4Shell - Impact on B&R Products	1.1
14/2021	Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services	1.0
13/2021	Advisory: Number:Jack in B&R Products	1.0
12/2021	Advisory: RCE Vulnerability in Automation Studio	1.0
11/2021	Advisory: ZipSlip Vulnerability in Automation Studio Project Import	1.0
10/2021 (Updated 2024-05-14)	Advisory: DLL Hijacking Vulnerability in Automation Studio	1.1
09/2021	Notice: INFRA:HALT - Impact on B&R Products	1.0
08/2021	Advisory: Denial of service vulnerability on Automation Runtime webserver	1.0
07/2021	Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device	1.0
06/2021	Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adapter	1.0
05/2021	Advisory: Multiple Vulnerabilities in AR NTP Service	1.0
04/2021	Advisory: Amnesia33- Impact on B&R Products	1.1
03/2021	Advisory: NAME:WRECK Impact on Automation Runtime and ARwin	1.1
02/2021	Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets	1.0
01/2021	Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities	1.1

2020

Number	Description	Version
01/2020	Advisory: Automation Runtime SNMP Authentication and Authorization Weakness	1.0
02/2020	Advisory: TPM-Fail	1.1
03/2020	Advisory: Multiple Vulnerabilities in Automation Studio	1.1
04/2020	Advisory: Automation Runtime TFTP Service DoS Vulnerability	1.1
05/2020	Notice: Ripple20 – Impact on B&R Products	1.0
06/2020	Advisory: Multiple Vulnerabilities in SiteManager and GateManager	1.0
07/2020	Advisory: Multiple Vulnerabilities in GateManager	1.0

2019

Number	Description	Document version
2019_02	VxWorks RPC Buffer Overflow Vulnerability CVE-2019-9865	1.0
2019_01	VxWorks IPnet Vulnerabilities	1.1