An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
| CVE ID | Severity | Description |
|---|---|---|
| CVE-2025-3450 | CRITICAL | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions b… |
| CVE-2024-0323 | CRITICAL | The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as S… |
| CVE-2019-19108 | CRITICAL | An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, … |