B&R Industrial Automation Automation Studio 4

Risk Summary

An attacker could leverage this vulnerability to execute code within the context of the affected system, which may threaten the integrity and confidentiality of data or cause a denial-of-service condition.

CVEs (1)

Remediations

• Note: This feature is not activated by default. Do not use or enable the feature if it is not necessary for projects.
• Use only Automation Network Service Link (ANSL) over SSL and enable authentication on the PLC.
• Configure password protection when using the “Backing up project source files on the target system” feature. Use strong passwords.
• Protect networks with PLCs from unauthorized access by using firewalls.
• Do not run B&R Automation Studio with elevated user privileges.
• Verify the integrity of B&R Automation Studio project files, which are exchanged via potentially insecure channels (e. g., using hashes or digital signatures).
• Ensure Windows User Access Control (UAC) is enabled
• In general, B&R recommends implementing B&R Cyber Security guidelines. For additional information and support, users should contact B&R directly.

Affected Vendors

Affected Products (1)

Affected Sectors

Chemical, Critical Manufacturing, Energy