---
title: "Critical DoS Vulnerability in ABB B&R Automation Runtime (CVE-2025-3450)"
short_title: "ABB B&R Automation Runtime DoS flaw fixed"
description: "ABB patches critical DoS vulnerability (CVE-2025-3450) in Automation Runtime. Learn how to secure affected systems and mitigate risks now."
author: "Vitus"
date: 2024-10-02
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, cve-2025-3450, dos, industrial-security, ot-security]
score: 0.85
cve_ids: [CVE-2025-3450]
---
## TL;DR
ABB has released a critical security update to address a Denial-of-Service (DoS) vulnerability (CVE-2025-3450) in its B&R Automation Runtime. Exploiting this flaw could allow unauthenticated attackers to crash affected systems, disrupting operations in critical infrastructure sectors. Immediate patching and mitigation steps are recommended.
Main Content
### Introduction
ABB, a global leader in industrial automation, has resolved a critical vulnerability in its B&R Automation Runtime software. The flaw, identified as CVE-2025-3450, could enable unauthenticated attackers to cause a Denial-of-Service (DoS) condition, potentially halting operations in sectors like energy, manufacturing, and healthcare. This advisory details the vulnerability, its impact, and steps to secure affected systems.
### Key Points
- Vulnerability: CVE-2025-3450 (Improper Resource Locking) affects ABB B&R Automation Runtime versions prior to 6.3 and Q4.93.
- Severity: CVSS 10.0 (Critical) – Exploitable remotely without authentication.
- Impact: Successful exploitation could crash the System Diagnostics Manager (SDM), leading to operational disruptions.
- Affected Sectors: Chemical, energy, healthcare, critical manufacturing, water and wastewater systems, and more.
- Mitigation: Apply updates to Automation Runtime 6.3 or Q4.93, disable SDM if unused, and restrict network access.
### Technical Details
#### Vulnerability Overview
CVE-2025-3450 is an Improper Resource Locking vulnerability in the System Diagnostics Manager (SDM) component of ABB B&R Automation Runtime. An unauthenticated attacker with network access could exploit this flaw by sending a specially crafted message to delete critical data, causing the system to stop.
#### Affected Systems
- Automation Runtime versions prior to 6.3
- Automation Runtime versions prior to Q4.93
#### Exploitation Mechanism
Attackers could exploit this vulnerability by:
1. Gaining access to the target network (e.g., via misconfigured firewalls or malware).
2. Sending a malicious payload to the SDM component, triggering a DoS condition.
### Impact Assessment
#### Critical Infrastructure at Risk
The vulnerability poses a significant threat to critical infrastructure sectors, including:
- Energy: Power plants and grid operations.
- Manufacturing: Industrial control systems (ICS) and production lines.
- Healthcare: Medical devices and hospital infrastructure.
- Water and Wastewater: Treatment and distribution systems.
#### Potential Consequences
- Operational Downtime: Disruption of industrial processes, leading to financial losses.
- Safety Risks: Unplanned shutdowns could endanger personnel or equipment.
- Compliance Violations: Failure to patch may result in regulatory penalties.
### Mitigation Steps
#### Immediate Actions
1. Apply Updates: Install Automation Runtime version 6.3 or Q4.93 immediately.
2. Disable SDM: If SDM is not required, disable it in the Automation Studio project.
3. Restrict Access: Limit network access to trusted personnel and IP addresses.
4. Enable HTTPS: Configure the webserver to use TLS (HTTPS) and consider mutual TLS (mTLS) for added security.
#### Long-Term Recommendations
- Network Segmentation: Isolate control systems from business networks using firewalls.
- Physical Security: Restrict physical access to critical systems.
- Monitoring: Deploy intrusion detection systems (IDS) to detect anomalous activity.
- Regular Audits: Conduct security assessments to identify and address vulnerabilities.
### Attack Vector
- Remote Exploitation: Attackers with network access can exploit the vulnerability without authentication.
- No User Interaction Required: The flaw can be triggered by sending a crafted payload to the target system.
- Low Attack Complexity: Exploitation does not require advanced technical skills.
### Frequently Asked Questions
#### What is the System Diagnostics Manager (SDM)?
SDM is a web-based tool in Automation Runtime that provides diagnostic information for controllers. It is disabled by default in versions 6.0 and above.
#### What is Automation Runtime (AR)?
Automation Runtime is a middleware system that enables applications to run on B&R target systems, commonly used in industrial automation.
#### Has this vulnerability been exploited in the wild?
As of the advisory's release, no exploitation attempts have been reported. The flaw was discovered through ABB’s internal security analysis.
#### How can I check if my system is affected?
Refer to the Automation Studio user manual for instructions on identifying the installed product version.
## Conclusion
The CVE-2025-3450 vulnerability in ABB B&R Automation Runtime highlights the critical importance of securing industrial control systems against DoS attacks. Organizations must apply the latest updates, disable unnecessary components like SDM, and implement robust network security measures to mitigate risks. Proactive steps, such as network segmentation and access controls, are essential to safeguarding critical infrastructure from emerging threats.
## References
[^1]: ABB PSIRT. "Security Advisory SA25P002: ABB B&R Automation Runtime DoS Vulnerability". Retrieved 2024-10-02.
[^2]: CISA. "ICS Advisory ICSA-26-146-04". Retrieved 2024-10-02.
[^3]: MITRE. "CWE-413: Improper Resource Locking". Retrieved 2024-10-02.