Filtered by vendor Br-automation
Subscriptions
Filtered by product Automation Studio
Subscriptions
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11043 | 1 Br-automation | 2 Automation Studio, Studio | 2026-01-20 | 7.4 High |
| An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges. | ||||
| CVE-2021-22280 | 1 Br-automation | 1 Automation Studio | 2025-12-19 | 7.2 High |
| Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product. | ||||
| CVE-2021-22282 | 1 Br-automation | 1 Automation Studio | 2025-06-17 | 8.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. | ||||
| CVE-2020-24682 | 2 Br-automation, Microsoft | 3 Automation Net\/pvi, Automation Studio, Windows | 2025-06-17 | 7.2 High |
| Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | ||||
| CVE-2020-24681 | 2 Br-automation, Microsoft | 2 Automation Studio, Windows | 2025-05-09 | 8.2 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | ||||
| CVE-2024-0220 | 1 Br-automation | 2 Automation Studio, Technology Guarding | 2025-05-06 | 8.3 High |
| B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. | ||||
| CVE-2021-22281 | 1 Br-automation | 1 Automation Studio | 2024-11-21 | 6.3 Medium |
| : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. | ||||
| CVE-2019-19108 | 1 Br-automation | 2 Automation Runtime, Automation Studio | 2024-11-21 | 9.4 Critical |
| An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | ||||
| CVE-2019-19102 | 1 Br-automation | 1 Automation Studio | 2024-11-21 | 5.5 Medium |
| A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip. | ||||
| CVE-2019-19101 | 1 Br-automation | 1 Automation Studio | 2024-11-21 | 6.5 Medium |
| A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server. | ||||
| CVE-2019-19100 | 1 Br-automation | 1 Automation Studio | 2024-11-21 | 7.5 High |
| A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <. 4.6.3SP, < 4.7.2 and < 4.8.1 allow authenticated users to delete arbitrary files via an exposed interface. | ||||
Page 1 of 1.