Volerion logoVolerion
Volerion logoVolerion

B&R Automation Runtime Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the System Diagnostics Manager (SDM) component of B&R Automation Runtime. This issue affects versions 6.0 prior to 6.4. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of the user's browser session.

Impact

Exploitation of this vulnerability enables reflected cross-site scripting, allowing for the execution of malicious scripts in the user's browser session.

Reproduction

To reproduce this vulnerability, an attacker must create a hyperlink containing malicious script code. This hyperlink must then be opened by the user, triggering the execution of the embedded script.

Remediation

Users are advised to update to B&R Automation Runtime version 6.4 or later. For those using the System Diagnostic Manager, B&R recommends applying the update based on a risk assessment at the earliest convenience.

Added: Oct 7, 2025, 7:38 PM
Updated: Oct 7, 2025, 7:38 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
1.7
exploitability
6.3
remediation
7.9
relevance
0.7
threat
1.6
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.