The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients.
The FTP server running within B&R Automation Runtime accepts connections using protocols considered obsolete and vulnerable: SSLv3, TLSv1.0, and TLSv1.1. These protocols contain known cryptographic weaknesses that allow an attacker on the same network to force negotiation of weaker encryption (downgrade attack) or directly decrypt transmitted data. No authorization or user interaction is required — network access to the device is sufficient.
An attacker can conduct a man-in-the-middle attack, intercept sensitive data transmitted between the client and FTP server (including authentication and configuration data), and compromise the integrity and confidentiality of communication with the industrial device.
Apply patches available from the manufacturer according to references (Security Advisory SA23P004 available on the B&R Automation website). It is also recommended to configure the network environment so that access to the FTP server is restricted only to trusted hosts, and to consider disabling FTP in favor of more secure file transfer protocols.
B&R Automation Runtime — versions indicated in the manufacturer's references (Security Advisory SA23P004)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBr Automation Automation Runtime
APPBr-Automation≤ i4.93
Related vulnerabilities
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3....
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versi...
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime <G4....
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based atta...
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager o...