PT-2024-14857 · B&R · B&R Automation Runtime

Published

2024-02-05

·

Updated

2024-02-09

·

CVE-2023-6028

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

B&R Automation Runtime versions <= G4.93

Description

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager. An unauthenticated remote attacker who can get a user to open a crafted link to the diagnostics interface can execute arbitrary JavaScript in the context of that user's browser session.

Recommendations

For versions <= G4.93, disable the SVG version of System Diagnostics Manager as a temporary workaround until a fixed version is installed. Restrict network access to System Diagnostics Manager (for example, to engineering workstations only) to reduce exposure. Because the flaw is reflected and requires user interaction, users should not follow untrusted links that point at the controller's diagnostics interface while the vulnerable version is in use.
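The pattern behind this class of bug, as an added illustrative example (JavaScript for Node.js) that is not B&R's code and does not reproduce the real System Diagnostics Manager endpoint: a hypothetical `/sdm/diag.svg` handler reflects a `label` query parameter into an SVG document. The vulnerable renderer concatenates the value as-is; the hardened one encodes it for the XML context and adds a Content-Security-Policy header as defence in depth. The path, parameter name, markup and host are all assumptions.

```javascript
// Added illustrative model of a reflected XSS in an SVG-rendering endpoint.
// Not B&R code: the endpoint, the `label` parameter and the markup are assumptions.

const SVG_OPEN = '<svg xmlns="http://www.w3.org/2000/svg" width="320" height="40">';
const SVG_CLOSE = "</svg>";

// Vulnerable pattern: the untrusted query value is concatenated into the SVG document as-is.
function renderSvgVulnerable(label) {
  return `${SVG_OPEN}<text x="10" y="25">Module: ${label}</text>${SVG_CLOSE}`;
}

// Output encoding for an XML text/attribute context (SVG is XML, so the five
// structural characters must be encoded before untrusted data enters the document).
function escapeXml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: identical document, but the untrusted value is encoded for the context.
function renderSvgHardened(label) {
  return `${SVG_OPEN}<text x="10" y="25">Module: ${escapeXml(label)}</text>${SVG_CLOSE}`;
}

// Pure request handler (no socket) so the behaviour can be exercised offline.
// `render` is one of the two renderers above; the host is a placeholder.
function handleRequest(render, requestUrl) {
  const u = new URL(requestUrl, "http://plc.example");
  const label = u.searchParams.get("label") ?? "";
  return {
    status: 200,
    headers: {
      "Content-Type": "image/svg+xml",
      // Defence in depth: browsers enforce CSP on an SVG opened as a document, so an
      // inline <script> is blocked even if output encoding is missed somewhere.
      "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'",
    },
    body: render(label),
  };
}

// Constructed probe that keeps the SVG well-formed: it closes the <text> element,
// injects a <script> element, then re-opens <text> so the template's closing tag still
// matches. A payload that breaks XML well-formedness yields a parse error, not execution.
const PROBE = "</text><script>alert(document.domain)</script><text>";

// Reflection check: if the probe appears verbatim in the body, the parameter reached
// the document without output encoding.
function reflectsUnencoded(body, probe) {
  return body.includes(probe);
}

function demo() {
  const crafted = "/sdm/diag.svg?label=" + encodeURIComponent(PROBE);
  const vuln = handleRequest(renderSvgVulnerable, crafted);
  const safe = handleRequest(renderSvgHardened, crafted);
  return {
    vulnerableReflects: reflectsUnencoded(vuln.body, PROBE), // true
    hardenedReflects: reflectsUnencoded(safe.body, PROBE),   // false
    vulnerableBody: vuln.body,
    hardenedBody: safe.body,
  };
}

const result = demo();
console.log("vulnerable renderer reflects probe:", result.vulnerableReflects);
console.log("hardened renderer reflects probe:  ", result.hardenedReflects);
console.log(result.vulnerableBody);
console.log(result.hardenedBody);
```

Run it with `node`. Two points the advisory's wording does not spell out: the payload has to leave the SVG well-formed, because a browser parses an `image/svg+xml` response as XML and a parse error means no script runs; and script inside an SVG executes only when the SVG is loaded as a document (navigated to directly, or embedded via `<object>` or `<iframe>`), not when it is referenced from an `<img>` tag. A diagnostics page that operators open directly in a browser tab is exactly the document case.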

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-6028

Affected Products

B&R Automation Runtime