Contact B&R Cyber Security Team
Do you have a question regarding Cyber Security in B&R products?
Do you want to report a vulnerability or security issue in a B&R product?
Please send an encrypted email to cybersecurity@br-automation.com using our PGP key..
Anonymous Contact
In case that someone discovering a vulnerability relating to a B&R product does not wish to directly contact or interact with B&R, we recommend contacting ICS-CERT(https://www.kb.cert.org/vuls/report/), any other national CERT or other coordinating organization.
Cyber Security Guidelines
The General recommendations for safeguarding control systems contain generic notes regarding protection of industrial control systems and control networks.
Cyber Security Advisories and Notices
Release | Description | Version |
|---|---|---|
27.02.2023 | 1.0 | |
15.02.2023 (Update 24.03.2023) | 1.1 | |
14.02.2023 | Advisory: Reflected Cross-Site Scripting Vulnerabitities in SDM | 1.0 |
30.01.2023 | 1.1 |
Number | Description | Version |
|---|---|---|
04/2022 (Updated 08.02.2023) | Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products | 1.2 |
03/2022 | 1.0 | |
02/2022 | Advisory: A flaw in Chainsaw component of Log4j can lead to code execution | 1.0 |
01/2022 | Advisory: RCE through Project Upload from Target ("Evil PLC Attack") | 1.2 |
Number | Description | Version |
|---|---|---|
15/2021 | 1.1 | |
14/2021 | Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services | 1.0 |
13/2021 | 1.0 | |
12/2021 | 1.0 | |
11/2021 | Advisory: ZipSlip Vulnerability in Automation Studio Project Import | 1.0 |
10/2021 | 1.0 | |
09/2021 | 1.0 | |
08/2021 | Advisory: Denial of service vulnerability on Automation Runtime webserver | 1.0 |
07/2021 | Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device | 1.0 |
06/2021 | Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adpater | 1.0 |
05/2021 | 1.0 | |
04/2021 | 1.1 | |
03/2021 | 1.1 | |
02/2021 | Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets | 1.0 |
01/2021 | Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities | 1.1 |
Number | Description | Version |
|---|---|---|
01/2020 | Advisory: Automation Runtime SNMP Authentication and Authorization Weakness | 1.0 |
02/2020 | 1.1 | |
03/2020 | 1.1 | |
04/2020 | 1.1 | |
05/2020 | 1.0 | |
06/2020 | Advisory: Multiple Vulnerabilities in SiteManager and GateManager | 1.0 |
07/2020 | 1.0 |
Number | Description | Version |
|---|---|---|
2019_02 | 1.0 | |
2019_01 | 1.1 |
Code Signing Certificates
B&R Industrial Automation signs provided software deliverables. This ensures that only products that have been approved in accordance with our high quality and security standards are marked with our name. The code signing certificates listed below for products released by B&R enable our customers to verify the integrity and authenticity of software deliverables.
Valid from | Valid to | Fingerprint | Keyfile |
|---|---|---|---|
01.07.2015 | 05.08.2016 | 2a2839fe1affb03e619e0e3f33e91ebc4fef3b62 | |
26.07.2016 | 27.07.2018 | b4d11977baae8827c8ff1d466969fd5f1b91bfe7 | |
23.05.2018 | 23.05.2020 | 748aa0d710e6877921d2b67ceda9f7c4cafaf9ed | |
16.10.2018 | 23.05.2020 | 934b742c32b34e856370cc0f62251b3c64cc666e | |
29.04.2020 | 23.06.2022 | d095488a2b2efb0440714f6b5baaa5e60e0c5604 | |
15.04.2021 | 23.06.2022 | 13dd07b5d864ad8723fc3549e5eb0c01331e5734 | |
06.05.2021 | 12.05.2022 | 58176987f97e357d0643013ca3900b74ecbb7630 | |
22.10.2021 | 23.10.2022 | 48030051866e5e41022e123de6f00345cc5b83bb | |
21.10.2022 | 22.10.2023 | 8c5d6238f1698dfb1bc6e46576a447d3c2a19c99 |