Holistic protection of corporate know-how and productivity
The increasing digitization and networking of machines and industrial plants brings new dangers related to cyber attacks. Protective measures are now mandatory, especially for critical infrastructure facilities. Industrial facilities and valuable corporate know-how must be comprehensively protected against cyber attacks at all levels.
The information you need
With the latest Cyber Security Advisories and Notices from our Cyber Security team, we provide you with the edge you need to prevent and combat cyber threats.
Contact our Cyber Security team
Anonymous contact to a Computer Emergency Response Team (CERT)
If you discover a vulnerability related to a B&R product and do not wish to contact B&R directly, we recommend contacting ICS-CERT (https://www.kb.cert.org/vuls/report), a different national CERT, or another coordinating organization.
Cyber Security guidelines
In the document Cyber Security - Defense in Depth for B&R Products, you will find instructions for safeguarding industrial control systems and control networks.
Certifications
B&R's development process for the Automation Runtime real-time operating system has been certified. The successful audit by TÜV Rheinland confirms the standard-compliant implementation of the processes for secure product development of industrial automation technology according to the internationally recognized Cyber Security standard IEC 62443-4-1.
Cyber Security Advisories and Notices
Release | Description | Document version |
---|---|---|
2024-08-27 (Update 2024-08-28) | | 1.1 |
2024-08-09 (Update 2024-08-30) | Advisory SA24P011: Several vulnerabilities in B&R Automation Runtime | 1.1 |
2024-05-14 | | 1.0 |
2024-04-12 | Advisory SA24P002: Impact of LogoFail vulnerability on B&R Industrial PCs and HMI products | 1.1 |
2024-04-10 | Advisory SA24P006: B&R APROL - Several vulnerabilities in the Docker Engine | 1.1 |
2024-02-22 | | 1.0 |
2024-02-14 | Advisory SA24P004: SSH Service vulnerable to Terrapin attack | 1.0 |
2024-02-05 (Update 2024-02-06) | Advisory SA23P018: B&R Automation Runtime - SDM Web interface vulnerable to XSS | 1.1 |
2024-02-05 | Advisory SA23P004: B&R Automation Runtime - FTP uses unsecure encryption mechanisms | 1.0 |
Release | Description | Document version |
---|---|---|
2023-07-26 | Advisory SA23P013: B&R Automation Runtime - SYN Flooding Vulnerability in Portmapper | 1.0 |
2023-05-31 (Update 2023-08-09) | Advisory SA23P011: B&R APROL - Abuse SLP based traffic for amplification attack | 1.1 |
2023-04-14 | | 1.0 |
2023-02-27 (Update 2024-03-06) | Advisory SA22P011: Vulnerable TigerVNC Version used in B&R Products | 1.1 |
2023-02-15 (Update 2023-04-17) | Advisory SA22P001: Impact of Insyde UEFI Boot Issues on B&R Products | 1.2 |
2023-02-14 | Advisory SA22P024: Reflected Cross-Site Scripting Vulnerabilities in SDM | 1.0 |
2023-01-30 (Update 2023-02-03) | | 1.1 |
Number | Description | Document version |
---|---|---|
04/2022 (Update 2023-02-08) | Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products | 1.2 |
03/2022 | | 1.0 |
02/2022 (Update 2024-06-24) | Advisory: A flaw in Chainsaw component of Log4j can lead to code execution | 1.1 |
01/2022 | Advisory: RCE through Project Upload from Target ("Evil PLC Attack") | 1.2 |
Number | Description | Document version |
---|---|---|
15/2021 | | 1.1 |
14/2021 | Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services | 1.0 |
13/2021 | | 1.0 |
12/2021 | | 1.0 |
11/2021 | Advisory: ZipSlip Vulnerability in Automation Studio Project Import | 1.0 |
10/2021 (Updated 2024-05-14) | | 1.1 |
09/2021 | | 1.0 |
08/2021 | Advisory: Denial of service vulnerability on Automation Runtime webserver | 1.0 |
07/2021 | Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device | 1.0 |
06/2021 | Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adapter | 1.0 |
05/2021 | | 1.0 |
04/2021 | | 1.1 |
03/2021 | | 1.1 |
02/2021 | Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets | 1.0 |
01/2021 | Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities | 1.1 |
Number | Description | Version |
---|---|---|
01/2020 | Advisory: Automation Runtime SNMP Authentication and Authorization Weakness | 1.0 |
02/2020 | | 1.1 |
03/2020 | | 1.1 |
04/2020 | | 1.1 |
05/2020 | | 1.0 |
06/2020 | Advisory: Multiple Vulnerabilities in SiteManager and GateManager | 1.0 |
07/2020 | | 1.0 |
Number | Description | Document version |
---|---|---|
2019_02 | | 1.0 |
2019_01 | | 1.1 |
Code signing certificates
B&R Industrial Automation signs the software it provides. This ensures that only products that have been tested according to our high quality and safety standards bear our name. The code signing certificates listed below for products released by B&R allow our customers to verify the integrity and authenticity of that software.
Valid from | Valid to | Fingerprint | Key file |
---|---|---|---|
2015-07-01 | 2016-08-05 | 2a2839fe1affb03e619e0e3f33e91ebc4fef3b62 | |
2016-07-26 | 2018-07-27 | b4d11977baae8827c8ff1d466969fd5f1b91bfe7 | |
2018-05-23 | 2020-05-23 | 748aa0d710e6877921d2b67ceda9f7c4cafaf9ed | |
2018-10-16 | 2020-05-23 | 934b742c32b34e856370cc0f62251b3c64cc666e | |
2020-04-29 | 2022-06-23 | d095488a2b2efb0440714f6b5baaa5e60e0c5604 | |
2021-04-15 | 2022-06-23 | 13dd07b5d864ad8723fc3549e5eb0c01331e5734 | |
2021-05-06 | 2022-05-12 | 58176987f97e357d0643013ca3900b74ecbb7630 | |
2021-10-22 | 2022-10-23 | 48030051866e5e41022e123de6f00345cc5b83bb | |
2022-10-21 | 2023-10-22 | 8c5d6238f1698dfb1bc6e46576a447d3c2a19c99 | |
2023-09-06 | 2024-09-07 | 0beff8d71d904a9bb015900dfd792cabb2c81d47 | |
2024-08-06 | 2025-08-06 | fd4f2aacc85ae0ca87c17d2ed199d697094d7f74 |