B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM)

CVSS 6.1 | Advisory SA25P003 | Oct 7, 2025
B&R Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A vulnerability in the System Diagnostic Manager (SDM) component of B&R Automation Runtime versions prior to 6.4 allows an attacker to hijack a remote diagnostic session or execute code in a user's browser context. This could allow unauthorized access to controller diagnostics, parameters, and potentially logic. The SDM is disabled by default in Automation Runtime 6 but may be enabled in facilities that rely on remote diagnostics. The vulnerability is resolved in Automation Runtime 6.4.

What this means
What could happen
An attacker could hijack a remote diagnostic session or run code within a user's browser session on the System Diagnostic Manager, potentially allowing unauthorized observation or modification of controller parameters and logic.
Who's at risk
Industrial automation engineers and OT operations staff who manage B&R Automation Runtime systems with System Diagnostic Manager enabled. This primarily affects sites where remote diagnostics or monitoring of programmable logic controllers (PLCs) and runtime environments is performed, including manufacturing plants, utilities, and process control facilities.
How it could be exploited
An attacker needs network reach to an exposed System Diagnostic Manager instance and a user who has the SDM open in a browser, or who can be induced to open an attacker-supplied link or page. The attacker's own credentials are not required: the hijacked session or the injected browser code runs with whatever access the victim's SDM session already has, so the attacker could view and potentially alter diagnostic data, system parameters, or controller configuration.
Prerequisites
  • Network access to the System Diagnostic Manager interface (typically HTTP/HTTPS)
  • System Diagnostic Manager enabled on the affected Automation Runtime (disabled by default)
  • User interaction required: a user must open an attacker-controlled link or page while an SDM session is active, or an already-active session must be reachable for hijacking
  • Remotely exploitable
  • Low complexity attack
  • Requires user interaction
  • No authentication required to exploit session hijacking
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product             | Affected Versions | Fix Status
Automation Runtime  | < 6.4             | Fixed in 6.4
Remediation & Mitigation
Do now
  • WORKAROUND: Disable System Diagnostic Manager (SDM) if it is not actively required for day-to-day operations
  • HARDENING: Restrict network access to the System Diagnostic Manager interface with firewall rules so that only authorized engineering workstations and secured production networks can reach it
  • HARDENING: Ensure the System Diagnostic Manager is reachable only from properly secured production networks with physical and logical access controls in place
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Automation Runtime to version 6.4 or later
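The remediation list above maps cleanly onto a per-controller triage: patch everything below 6.4, disable SDM where nobody needs it, and restrict it where they do, with the highest priority going to controllers whose SDM ports answer from outside the engineering segment. The script below is an added example, not code from OTPulse or B&R. It assumes a simple inventory format, Automation Runtime versions written as dotted numerics ("6.3.1"), and that the SDM is reached over the controller's HTTP/HTTPS ports (80/443), which is all the advisory says about it; the inventory entries are constructed sample data.

```python
"""Triage helper for advisory SA25P003 (B&R Automation Runtime SDM).

Added example, not OTPulse or B&R code. Assumptions not taken from the advisory:
  - the inventory is a list of Controller records as defined below
  - Automation Runtime versions are dotted numeric strings such as "6.3.1"
  - the SDM interface answers on TCP 80/443 ("typically HTTP/HTTPS")
Run the exposure probe from a host OUTSIDE the engineering network: any SDM
port that answers from there is exposed more widely than the hardening
guidance allows.
"""
from dataclasses import dataclass
import socket

FIXED_VERSION = (6, 4)     # advisory: fixed in Automation Runtime 6.4
SDM_PORTS = (80, 443)      # assumption: HTTP/HTTPS ports of the controller


def parse_version(s):
    """'6.3.1' -> (6, 3, 1). Parsing stops at the first non-numeric part."""
    parts = []
    for p in s.strip().split("."):
        if not p.isdigit():
            break
        parts.append(int(p))
    if not parts:
        raise ValueError(f"unparseable Automation Runtime version: {s!r}")
    return tuple(parts)


def is_affected(version):
    """Tuple comparison: (6, 3, 1) < (6, 4) is True, (6, 4, 1) < (6, 4) is False."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class Controller:
    name: str
    ip: str
    ar_version: str
    sdm_enabled: bool        # SDM is off by default in AR 6; sites turn it on
    needs_remote_diag: bool  # does anyone actually rely on remote diagnostics?


def tcp_open(host, port, timeout=1.0):
    """Real probe: does the controller accept a TCP connection on this port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def never_open(host, port):   # dry-run probe: assume nothing is reachable
    return False


def always_open(host, port):  # dry-run probe: assume everything is reachable
    return True


def sdm_ports_open(ctrl, probe=tcp_open):
    """SDM ports that answer on the controller, via an injectable probe."""
    return [p for p in SDM_PORTS if probe(ctrl.ip, p)]


def triage(ctrl, open_ports):
    """Return (priority, actions) following the advisory's remediation items."""
    if not is_affected(ctrl.ar_version):
        return "none", [f"{ctrl.name}: AR {ctrl.ar_version} is not affected (fix is 6.4)"]
    actions = []
    if ctrl.sdm_enabled:
        if not ctrl.needs_remote_diag:
            actions.append("WORKAROUND: disable SDM (not required for day-to-day operations)")
        elif open_ports:
            actions.append(f"HARDENING: restrict TCP {open_ports} to engineering "
                           "workstations; SDM currently answers from outside that segment")
        else:
            actions.append("HARDENING: keep SDM reachable only from the secured production network")
    actions.append("HOTFIX: update Automation Runtime to 6.4 or later "
                   "(maintenance window; device reboot likely)")
    if ctrl.sdm_enabled and open_ports:
        priority = "high"      # affected, SDM on, and exposed beyond the engineering segment
    elif ctrl.sdm_enabled:
        priority = "medium"    # affected and SDM on, but not seen from outside
    else:
        priority = "low"       # SDM disabled (the AR 6 default): only the patch remains
    return priority, actions


INVENTORY = [  # constructed sample data, not a real site
    Controller("press-line-plc1", "192.0.2.10", "6.2", True, True),
    Controller("press-line-plc2", "192.0.2.11", "6.3.1", True, False),
    Controller("boiler-plc", "192.0.2.12", "6.0", False, False),
    Controller("packaging-plc", "192.0.2.13", "6.4", True, True),
]


def triage_inventory(inventory, probe=tcp_open):
    """name -> (priority, actions); controllers with SDM off are not probed."""
    return {c.name: triage(c, sdm_ports_open(c, probe) if c.sdm_enabled else [])
            for c in inventory}


if __name__ == "__main__":
    for name, (prio, actions) in triage_inventory(INVENTORY).items():
        print(f"[{prio:6}] {name}")
        for a in actions:
            print("   -", a)
```

The probe is injectable so the same triage can be run as a dry run from the inventory alone (`probe=never_open`) or against the live network from a non-engineering host; the live run is the one that tells you whether the firewall hardening actually holds.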


B&R Automation Runtime Vulnerabilities in System Diagnostic Manager (SDM) | CVSS 6.1 - OTPulse