B&R has recently identified a significant security vulnerability in B&R Automation Runtime, tracked as CVE-2024-0323, affecting product versions below I4.93. In response to this discovery, B&R has released a Cyber Security Advisory (Document ID: SA23P004) to inform customers about the potential risks and provide the necessary details. The vulnerability stems from an issue in the FTP server component that could allow an unauthenticated network-based attacker to carry out man-in-the-middle attacks or decrypt communications. B&R’s commitment to user security is evident in its proactive approach to addressing the identified flaw and releasing a fix.
The advisory outlines the severity of the vulnerability, assessed using the FIRST Common Vulnerability Scoring System (CVSS) v3.1. To mitigate potential risks, B&R recommends an immediate update to B&R Automation Runtime version I4.93. Customers are urged to follow the update installation process described in the user manual, ensuring a swift response to secure their systems. The release of this advisory aligns with B&R’s dedication to responsible disclosure, providing users with timely and essential information to maintain the trust and security of their products.