B&R Automation Runtime Cyber Security Advisory

This document is a Cyber Security Advisory from B&R Automation detailing several vulnerabilities identified in B&R Automation Runtime versions prior to 6.0.2. The advisory outlines the identified vulnerabilities, including their respective CVE IDs, and describes the potential risks associated with each vulnerability. It explains that a network-based attacker could exploit these vulnerabilities to make the product inaccessible, decrypt communications, or inject traffic into other network segments. The advisory also provides a summary of the severity of each vulnerability, assessed using the FIRST Common Vulnerability Scoring System (CVSS). Furthermore, it recommends that customers apply the necessary updates to mitigate these vulnerabilities and emphasizes the importance of responsible disclosure in maintaining trust with users. The document serves as a notification to customers regarding the vulnerabilities and includes guidance on how to secure their systems against potential threats.