CVE-2025-3449
📋 TL;DR
A predictable session identifier generation vulnerability in B&R Automation Runtime's SDM component allows unauthenticated network attackers to hijack established sessions. This affects B&R Automation Runtime versions before 6.4 used in industrial control systems.
💻 Affected Systems
- B&R Automation Runtime
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains unauthorized control over industrial automation systems, potentially disrupting operations or manipulating physical processes.
Likely Case
Session hijacking leading to unauthorized access to automation interfaces and configuration data.
If Mitigated
Limited impact if network segmentation and access controls prevent attacker access to vulnerable systems.
🎯 Exploit Status
Requires network access to vulnerable systems and ability to predict session identifiers
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.4 or later
Vendor Advisory: https://www.br-automation.com/fileadmin/SA25P003-178b6a20.pdf
Restart Required: No
Instructions:
1. Download Automation Runtime version 6.4 or later from B&R support portal. 2. Backup current configuration. 3. Install update following vendor documentation. 4. Verify successful installation.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Automation Runtime systems from untrusted networks
Access Control Lists
allRestrict network access to Automation Runtime systems to authorized IP addresses only
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems
- Monitor network traffic for unusual session activity and implement session timeout policies
🔍 How to Verify
Check if Vulnerable:
Check Automation Runtime version in system properties or via diagnostic toolsCheck Version:
Check system properties or use Automation Studio diagnostic toolsVerify Fix Applied:
Verify version is 6.4 or higher and test session establishment📡 Detection & Monitoring
Log Indicators:
- Multiple failed session attempts
- Session ID collisions
- Unauthorized access attempts
Network Indicators:
- Unusual session establishment patterns
- Predictable session ID sequences in network traffic
SIEM Query:
source="automation_runtime" AND (event_type="session_hijack" OR session_id_pattern="predictable")