Holistic protection of corporate know-how and productivity
The increasing digitization and networking of machines and industrial plants brings new dangers related to cyber attacks. Protective measures are now mandatory, especially for critical infrastructure facilities. Industrial facilities and valuable corporate know-how must be comprehensively protected against cyber attacks at all levels.
The information you need
With the latest Cybersecurity Advisories and Notices from our Cybersecurity team, we provide you with the edge you need to prevent and combat cyber threats.
Contact our Cybersecurity team
Anonymous contact to a Computer Emergency Response Team (CERT)
If you discover a vulnerability related to a B&R product and do not wish to contact B&R directly, we recommend ICS-CERT – https://www.kb.cert.org/vuls/report, a different national CERT or other coordinating organization.
In the General recommendations for safeguarding control systems (EN), you will find generic instructions for safeguarding industrial control systems and control networks.
B&R's development process for the Automation Runtime real-time operating system has been certified. The successful audit by TÜV Rheinland confirms the standard-compliant implementation of the processes for secure product development of industrial automation technology according to the internationally recognized cybersecurity standard IEC 62443-4-1.
Cybersecurity Advisories and Notices
Advisory SA22P011: Vulnerable TigerVNC Version used in B&R Products
Advisory SA22P001: Impact of Insyde UEFI Boot Issues on B&R Products
Advisory SA22P024: Reflected Cross-Site Scripting Vulnerabilities in SDM
Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products
Advisory: A flaw in Chainsaw component of Log4j can lead to code execution
Advisory: RCE through Project Upload from Target ("Evil PLC Attack")
Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services
Advisory: ZipSlip Vulnerability in Automation Studio Project Import
Advisory: Denial of service vulnerability on Automation Runtime webserver
Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device
Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adapter
Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets
Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities
Advisory: Automation Runtime SNMP Authentication and Authorization Weakness
Advisory: Multiple Vulnerabilities in SiteManager and GateManager
Code signing certificates
B&R Industrial Automation signs the software developments that are provided. This ensures that only products that have been tested according to our high quality and safety standards bear our name. The code signing certificates listed below for products released by B&R allow our customers to verify the integrity and authenticity of software developments.