ICSA-26-146-04  ·  Published 2026-05-26

ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)

CVSS 10.0 CRITICAL

Risk Summary

An update is available that resolves a vulnerability identified by B&R's internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could cause the product to stop.

CVEs (1)

Remediations

  • The problem is corrected in Automation Runtime versions 6.3 and Q4.93. The System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled on active systems located outside properly secured production networks or in facilities lacking adequate physical and logical access controls to prevent any form of unauthorized interaction. For customers who use SDM on their systems, B&R recommends applying the update at the earliest convenience. The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.

Affected Vendors

B&R

Affected Products (4)

B&R · Automation Runtime <6.3
B&R · Automation Runtime 6.3
B&R · Automation Runtime <Q4.93
B&R · Automation Runtime Q4.93

Affected Sectors

Chemical, Communications, Critical Manufacturing, Dams, Energy, Healthcare and Public Health, Information Technology, Water and Wastewater
