ABB B&R Automation Runtime Denial of Service Vulnerability Patched

via RSS: CISA Alerts
ABB B&R has identified a critical vulnerability in the System Diagnostics Manager (SDM) component of its Automation Runtime software affecting versions before 6.3 and Q4.93. The flaw, classified as improper resource locking (CVE-2025-3450), allows unauthenticated network attackers to delete data and cause system outages. The vulnerability has a CVSS score of 10, indicating critical severity. Affected industries include energy, manufacturing, healthcare, and water treatment systems worldwide. B&R has released patched versions 6.3 and Q4.93. The company recommends immediate updates for users running SDM on their systems. SDM is disabled by default in Automation Runtime 6 and should not operate outside secured production networks. Source: ABB Security Advisory.

Original reporting by RSS: CISA Alerts. We only summarise, never republish.
