[Control systems] B&R Industrial Automation security advisory

Number: AV21-601
Date: 30 November 2021

On 30 November 2021 B&R Industrial Automation published Security Advisories to address vulnerabilities in the following products:

  • TCP/IP stack in:
    • Vision cameras – multiple models and versions
    • Safe Logic – multiple models and versions
    • Bus Controllers – multiple models and versions
    • Motion components – multiple models and versions
  • B&R Automation Studio – versions 4.6.x and prior, 4.7.6 and prior, 4.8.5 and prior and 4.9.3 and prior.
  • B&R Automation NET/PVI - versions 4.6.x and prior, 4.7.6 and prior, 4.8.5 and prior and 4.9.3 and prior.

Exploitation of these vulnerabilities could lead to session hijacking or privilege escalation.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, once available.

Number:Jack Cyber Security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. Advisory (#13/2021)
https://www.br-automation.com/downloads_br_productcatalogue/assets/1636745459972-en-original-1.0.pdf

B&R Automation Studio/NET/PVI Cyber Security Advisory (#14/2021)
https://www.br-automation.com/downloads_br_productcatalogue/assets/1636745459964-en-original-1.0.pdf

 

Date modified: