Cyber Security

Holistic protection of corporate know-how and productivity

The increasing digitization and networking of machines and industrial plants brings new dangers related to cyber attacks. Protective measures are now mandatory, especially for critical infrastructure facilities. Industrial facilities and valuable corporate know-how must be comprehensively protected against cyber attacks at all levels.

The information you need

With the latest Cyber Security Advisories and Notices from our Cyber Security team, we provide you with the edge you need to prevent and combat cyber threats.

Contact our Cyber Security team

Do you have a question about Cyber Security for B&R products?
Would you like to report a vulnerability or security issue in a B&R product?

Send us an encrypted email using our PGP key

Anonymous contact to a Computer Emergency Response Team (CERT)

If you discover a vulnerability related to a B&R product and do not wish to contact B&R directly, we recommend ICS-CERT – https://www.kb.cert.org/vuls/report, a different national CERT or other coordinating organization.

Cyber Security guidelines

In the General recommendations for safeguarding control systems (EN), you will find generic instructions for safeguarding industrial control systems and control networks.

Certifications

B&R's development process for the Automation Runtime real-time operating system has been certified. The successful audit by TÜV Rheinland confirms the standard-compliant implementation of the processes for secure product development of industrial automation technology according to the internationally recognized Cyber Security standard IEC 62443-4-1.

Cyber Security Advisories and Notices

2023

Release	Description	Document version
2023-07-26	Advisory SA23P013: B&R Automation Runtime - SYN Flooding Vulnerability in Portmapper	1.0
2023-05-31 (Update 2023-08-09)	Advisory SA23P011: B&R APROL - Abuse SLP based traffic for amplification attack	1.1
2023-04-14	Advisory SA23P002: Several Issues in B&R VC4 Visualization	1.0
2023-02-27	Advisory SA22P011: Vulnerable TigerVNC Version used in B&R Products	1.0
2023-02-15 (Update 2023-04-17)	Advisory SA22P001: Impact of Insyde UEFI Boot Issues on B&R Products	1.2
2023-02-14	Advisory SA22P024: Reflected Cross-Site Scripting Vulnerabilities in SDM	1.0
2023-01-30 (Update 2023-02-03)	Advisory SA22P016: Several Issues in APROL Database	1.1

2022

Number	Description	Document version
04/2022 (Update 2023-02-08)	Advisory: Impact of Vulnerability in WIBU CodeMeter Runtime to B&R Products	1.2
03/2022	Notice: INCONTROLLER	1.0
02/2022	Advisory: A flaw in Chainsaw component of Log4j can lead to code execution	1.0
01/2022	Advisory: RCE through Project Upload from Target ("Evil PLC Attack")	1.2

2021

Number	Description	Document version
15/2021	Notice: Log4Shell - Impact on B&R Products	1.1
14/2021	Advisory: Vulnerabilities in B&R Automation Studio and PVI Windows Services	1.0
13/2021	Advisory: Number:Jack in B&R Products	1.0
12/2021	Advisory: RCE Vulnerability in Automation Studio	1.0
11/2021	Advisory: ZipSlip Vulnerability in Automation Studio Project Import	1.0
10/2021	Advisory: DLL Hijacking Vulnerability in Automation Studio	1.0
09/2021	Notice: INFRA:HALT - Impact on B&R Products	1.0
08/2021	Advisory: Denial of service vulnerability on Automation Runtime webserver	1.0
07/2021	Advisory: Denial of Service vulnerability in B&R Industrial Automation PROFINET IO Device	1.0
06/2021	Advisory: Stack crash in B&R Industrial Automation X20 EthernetIP Adapter	1.0
05/2021	Advisory: Multiple Vulnerabilities in AR NTP Service	1.0
04/2021	Advisory: Amnesia33- Impact on B&R Products	1.1
03/2021	Advisory: NAME:WRECK Impact on Automation Runtime and ARwin	1.1
02/2021	Advisory: Denial-of-Service Vulnerability handling PROFINET DCE-RPC Network Packets	1.0
01/2021	Advisory: B&R Products affected by WIBU CodeMeter Vulnerabilities	1.1

2020

Number	Description	Version
01/2020	Advisory: Automation Runtime SNMP Authentication and Authorization Weakness	1.0
02/2020	Advisory: TPM-Fail	1.1
03/2020	Advisory: Multiple Vulnerabilities in Automation Studio	1.1
04/2020	Advisory: Automation Runtime TFTP Service DoS Vulnerability	1.1
05/2020	Notice: Ripple20 – Impact on B&R Products	1.0
06/2020	Advisory: Multiple Vulnerabilities in SiteManager and GateManager	1.0
07/2020	Advisory: Multiple Vulnerabilities in GateManager	1.0

2019

Number	Description	Document version
2019_02	VxWorks RPC Buffer Overflow Vulnerability CVE-2019-9865	1.0
2019_01	VxWorks IPnet Vulnerabilities	1.1

Code signing certificates

B&R Industrial Automation signs the software developments that are provided. This ensures that only products that have been tested according to our high quality and safety standards bear our name. The code signing certificates listed below for products released by B&R allow our customers to verify the integrity and authenticity of software developments.

Valid from	Valid to	Fingerprint	Key file
2015-07-01	2016-08-05	2a2839fe1affb03e619e0e3f33e91ebc4fef3b62	Download file
2016-07-26	2018-07-27	b4d11977baae8827c8ff1d466969fd5f1b91bfe7	Download file
2018-05-23	2020-05-23	748aa0d710e6877921d2b67ceda9f7c4cafaf9ed	Download file
2018-10-16	2020-05-23	934b742c32b34e856370cc0f62251b3c64cc666e	Download file
2020-04-29	2022-06-23	d095488a2b2efb0440714f6b5baaa5e60e0c5604	Download file
2021-04-15	2022-06-23	13dd07b5d864ad8723fc3549e5eb0c01331e5734	Download file
2021-05-06	2022-05-12	58176987f97e357d0643013ca3900b74ecbb7630	Download file
2021-10-22	2022-10-23	48030051866e5e41022e123de6f00345cc5b83bb	Download file
2022-10-21	2023-10-22	8c5d6238f1698dfb1bc6e46576a447d3c2a19c99	Download file
2023-09-06	2024-09-07	0beff8d71d904a9bb015900dfd792cabb2c81d47	Download file