OTPulse

B&R Automation Runtime

Priority: Plan Patch
Score: 7.5
Source: ICS-CERT ICSA-25-028-01
Date: Jan 15, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A cryptographic vulnerability in B&R Automation Runtime and mapp View allows an attacker to generate valid self-signed certificates that can be used to impersonate legitimate services. This affects systems that generate certificates on production machines and could enable attackers to masquerade as trusted services, intercept communications, or harvest credentials from operators and systems that connect to the affected devices.

What this means
What could happen
An attacker could create fraudulent certificates to impersonate legitimate services on your automation systems, enabling credential theft or man-in-the-middle attacks that could disrupt communications between your HMI, engineering workstations, and control devices.
Who's at risk
Water utilities and municipal electric utilities using B&R Automation Runtime or mapp View for HMI, SCADA frontend, or control system engineering workstations need to assess their use of self-signed certificate generation. Any facility that relies on these products for real-time automation, remote monitoring, or control communications should prioritize patching.
How it could be exploited
An attacker exploits a weakness in how certificates are generated to create self-signed certificates that clients accept as valid. If your Automation Runtime or mapp View system generates its certificates on production machines, the attacker can present such a certificate to impersonate those services and intercept or redirect operational communications.
Prerequisites
  • B&R Automation Runtime or mapp View actively generating self-signed certificates on production machines
  • Network access to affected devices
  • Ability to present malicious certificates to clients connecting to the service
Tags: remotely exploitable · no authentication required · cryptographic weakness enables service impersonation · affects automation system communications
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product              Affected Versions   Fix Status
Automation Runtime   < 6.1               Fixed in 6.1
mapp View            < 6.1               Fixed in 6.1
Remediation & Mitigation
Do now
HARDENING: Review audit logs on affected systems to identify whether self-signed certificates were generated during the vulnerability window
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update B&R Automation Runtime to version 6.1 or later
HOTFIX: Update B&R mapp View to version 6.1 or later
Long-term hardening
HARDENING: Implement network segmentation to restrict access to Automation Runtime and mapp View services to authorized engineering workstations and control devices only
API: /api/v1/advisories/a8262188-0789-44ea-8644-eb16d1b78545