ICSA-23-068-02  ·  Published 2023-03-29  ·  View on CISA ICS-CERT ↗

B&R Systems Diagnostics Manager

CVSS 6.1 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the user's browser session, exfiltrate data, and perform any action available to that user.

CVEs (1)

Remediations

  • B&R recommends that users update to the latest version of the product at their earliest convenience (instructions for installing updates are in the user manual):
    • Update all SDM products to firmware D4.93 or later.
  • B&R also recommends the following workarounds to mitigate the risk of exploitation:
    • Deactivate the SDM when it is not needed.
    • Refer to the “general security recommendations” in B&R Industrial Automation’s advisory.
    • Do not use hyperlinks provided by untrusted third parties to access the SDM.
    • Use an external web application firewall where possible.
  • Visit B&R Industrial Automation’s advisory for more information.

Affected Vendors

B&R Industrial Automation

Affected Products (2)

B&R Industrial Automation · System Diagnostics Manager >= 3.00
B&R Industrial Automation · System Diagnostics Manager <= C4.93
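The affected range above (3.00 through C4.93, fixed in D4.93) is what an asset owner needs in order to triage an inventory of SDM-equipped controllers. The following Python is an added example, not code from B&R, CISA or OTWarden. It assumes that B&R version strings consist of an optional stage letter followed by major.minor, and that they order by the numeric release first and the stage letter second (so D4.93 follows C4.93, and C4.93 is newer than B4.26). The inventory entries are constructed sample data.

```python
import re
from typing import List, NamedTuple, Tuple

# Assumed B&R version format: optional stage letter, then major.minor,
# e.g. "3.00", "C4.93", "D4.93". This format is an assumption; the
# advisory states only the range boundaries, not the version grammar.
_VERSION_RE = re.compile(r"^(?P<stage>[A-Z])?(?P<major>\d+)\.(?P<minor>\d+)$")


class SdmVersion(NamedTuple):
    """Tuple order (major, minor, stage) gives numeric-first comparison:
    (4, 93, "") < (4, 93, "C") < (4, 93, "D"), and (4, 26, "B") < (4, 93, "C")."""
    major: int
    minor: int
    stage: str  # "" when no stage letter is present

    @classmethod
    def parse(cls, text: str) -> "SdmVersion":
        m = _VERSION_RE.match(text.strip().upper())
        if not m:
            raise ValueError(f"unrecognised SDM version string: {text!r}")
        return cls(int(m["major"]), int(m["minor"]), m["stage"] or "")


# Range boundaries taken from the advisory.
AFFECTED_MIN = SdmVersion.parse("3.00")
AFFECTED_MAX = SdmVersion.parse("C4.93")
FIXED_MIN = SdmVersion.parse("D4.93")


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range."""
    v = SdmVersion.parse(version)
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def classify(version: str) -> str:
    """Map a version string to a triage status.

    Versions below 3.00 are reported as 'outside advisory range' rather than
    'unaffected': the advisory does not state that older releases are safe.
    """
    try:
        v = SdmVersion.parse(version)
    except ValueError:
        return "unparsable"
    if v < AFFECTED_MIN:
        return "outside advisory range"
    if v <= AFFECTED_MAX:
        return "affected"
    assert v >= FIXED_MIN
    return "fixed"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every inventory entry."""
    return [(host, version, classify(version)) for host, version in inventory]


# Constructed sample inventory, not real asset data.
SAMPLE_INVENTORY = [
    ("plc-line1", "C4.93"),
    ("plc-line2", "D4.93"),
    ("plc-packaging", "B4.26"),
    ("plc-lab", "2.95"),
    ("hmi-test", "4.93-beta"),
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:<16} {version:<10} {status}")
```

Anything reported as "unparsable" needs a manual look rather than being silently skipped, since a version string the checker cannot read is exactly the kind of host that slips through a patch campaign.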

Affected Sectors

Chemical, Critical Manufacturing, Energy
