
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-146-04.json

Summary

An update is available that resolves a vulnerability identified by B&R's internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could cause the product to stop.

The following versions of ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) are affected:

- Automation Runtime <6.3
- Automation Runtime <Q4.93

- CVSS: v3 10
- Vendor: B&R
- Equipment: ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
- Vulnerabilities: Improper Resource Locking

Background

- Critical Infrastructure Sectors: Chemical, Communications, Critical Manufacturing, Dams, Energy, Healthcare and Public Health, Information Technology, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-3450

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-3450

Affected Products

ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

- Vendor: B&R
- Product Version: Automation Runtime <6.3, Automation Runtime <Q4.93
- Product Status: fixed, known_affected

Remediations

Vendor fix

The problem is corrected in Automation Runtime versions 6.3 and Q4.93. The System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled on active systems located outside properly secured production networks or in facilities lacking adequate physical and logical access controls to prevent any form of unauthorized interaction. For customers who use SDM on their systems, B&R recommends applying the update at the earliest co


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-04
