B&R Automation Runtime and mapp View SSL/TLS Vulnerability Allowing Service Masquerading

Vulnerability

A vulnerability has been identified in the SSL/TLS component of B&R Automation Runtime and B&R mapp View, both in versions prior to 6.1. This vulnerability involves the use of a broken or risky cryptographic algorithm, which can be exploited by unauthenticated, network-based attackers to impersonate services on affected devices. The flaw arises because these applications generate self-signed certificates during the boot process, using an algorithm that is no longer considered secure. This mechanism is intended for testing purposes only, not for production environments.

Impact

Exploitation of this vulnerability allows attackers to masquerade as services on impacted devices.

Remediation

Users are advised to update to B&R Automation Runtime version 6.1 or B&R mapp View version 6.1. Instructions for installing updates and identifying the current product version are available in the user manual.
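To find endpoints that still present a certificate of the kind described above, the following added example (not B&R code or tooling) parses a DER certificate with the Python standard library only. It reports whether the issuer equals the subject and whether the signature algorithm uses a deprecated hash. The advisory does not name the algorithm, so the `WEAK_SIG_OIDS` list is an assumption, as is the constructed `SAMPLE_DER`; comparing issuer and subject is a heuristic, not signature verification.

```python
# Added example: flag self-issued certificates signed with a deprecated hash.
# WEAK_SIG_OIDS is an assumption; the advisory does not name the algorithm.
WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
                 "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.10045.4.1": "ecdsa-with-SHA1"}
# Constructed sample: unsigned DER skeleton, issuer = subject = CN=plc, SHA-1/RSA.
SAMPLE_DER = bytes.fromhex(
    "304d3039a003020102020101300d06092a864886f70d0101050500"
    "300e310c300a06035504030c03706c633000300e310c300a06035504030c03706c63"
    "300d06092a864886f70d0101050500030100")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Decode OID content bytes to dotted form (covers the 1.x and 2.16 arcs)."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                       # last byte of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def assess_certificate(der):
    """Heuristic check: issuer == subject and a weak signature algorithm OID."""
    cert = children(read_tlv(der)[1])          # tbsCertificate, sigAlg, sigValue
    tbs = children(cert[0][1])
    if tbs[0][0] == 0xA0:                      # skip optional [0] version
        tbs = tbs[1:]
    issuer, subject = tbs[2][1], tbs[4][1]     # after serialNumber, signature
    oid = decode_oid(children(cert[1][1])[0][1])
    return {"self_issued": issuer == subject, "sig_oid": oid,
            "weak_sig": WEAK_SIG_OIDS.get(oid)}
```

For a live endpoint, `ssl.get_server_certificate((host, port))` followed by `ssl.PEM_cert_to_DER_cert()` yields the DER bytes to pass to `assess_certificate`.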

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.