OTPulse

B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

Act Now · CVSS 10 · sa25p002 · Oct 7, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in the System Diagnostic Manager (SDM) component of B&R Automation Runtime can cause the product to stop (denial of service). SDM is disabled by default in Automation Runtime 6 and is not intended to be enabled on active systems located outside properly secured production networks or in facilities lacking adequate physical and logical access controls. The vulnerability is corrected in Automation Runtime versions 6.3 and Q4.93.

What this means
What could happen
An attacker could stop the Automation Runtime, causing loss of control over the industrial processes running on affected controllers. This can cause immediate operational downtime for manufacturing or utility systems.
Who's at risk
Operators of B&R Automation Runtime controllers in manufacturing facilities, utilities, or process automation environments, particularly those who have enabled the System Diagnostic Manager (SDM) feature on production systems. This affects PLCs and industrial controllers running affected versions of Automation Runtime.
How it could be exploited
An attacker with network access to the System Diagnostic Manager (SDM) service can send a specially crafted request that crashes the Automation Runtime process. Since SDM is disabled by default, exploitation requires either that SDM has been explicitly enabled by the operator or that the attacker can enable it.
Prerequisites
  • Network access to the System Diagnostic Manager (SDM) service port
  • SDM must be enabled on the target system (non-default configuration)
Tags: remotely exploitable · no authentication required · low complexity · high impact (denial of service) · affects industrial process control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product               Affected Versions   Fix Status
Automation Runtime    <6.3                fixed in 6.3
Automation Runtime    <Q4.93              fixed in 6.3
Remediation & Mitigation
Do now
HARDENING: Verify that System Diagnostic Manager (SDM) is disabled on all active production systems
HARDENING: If SDM must be enabled, place the controller on a properly secured production network with adequate physical and logical access controls to prevent unauthorized interaction
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Automation Runtime to version 6.3 or Q4.93 or later
API: /api/v1/advisories/7e335762-a0d3-443a-83a8-daf22e91a913
B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM) | CVSS 10 - OTPulse