CVE-2025-3450
📋 TL;DR
An unauthenticated network attacker can exploit improper resource locking in B&R Automation Runtime's SDM component to delete data, causing denial of service. This affects B&R Automation Runtime versions before 6.3 and before Q4.93. Industrial control systems using these vulnerable versions are at risk.
💻 Affected Systems
- B&R Automation Runtime
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical industrial processes are disrupted through data deletion, causing extended downtime, production losses, and potential safety incidents.
Likely Case
Operational disruption through data deletion leading to temporary denial of service in industrial automation systems.
If Mitigated
Limited impact with proper network segmentation and access controls preventing unauthenticated network access.
🎯 Exploit Status
Vulnerability requires network access but no authentication. Exploitation likely involves sending crafted network packets to trigger the improper resource locking condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.3 or Q4.93 and later
Vendor Advisory: https://www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf
Restart Required: Yes
Instructions:
1. Download the updated Automation Runtime version 6.3 or Q4.93 from B&R support portal.
2. Backup current configuration and data.
3. Install the update following vendor documentation.
4. Restart the system.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Isolate B&R Automation Runtime systems from untrusted networks using firewalls and VLANs.
Access Control Lists
Implement strict network access controls to limit connections to B&R systems only from authorized sources.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems from untrusted networks
- Deploy intrusion detection systems to monitor for exploitation attempts and anomalous data deletion patterns
🔍 How to Verify
Check if Vulnerable:
Check Automation Runtime version via system properties or management interface. Versions before 6.3 or Q4.93 are vulnerable.
Check Version:
Check via Automation Runtime management interface or system properties display
Verify Fix Applied:
Verify installed version is 6.3 or Q4.93 or later. Test system functionality and monitor for abnormal data deletion events.
📡 Detection & Monitoring
Log Indicators:
- Unexpected data deletion events
- SDM component error messages
- Unauthenticated network connections to SDM ports
Network Indicators:
- Unusual traffic patterns to SDM ports (typically TCP/1217)
- Crafted packets targeting SDM component
SIEM Query:
source_ip=* AND dest_port=1217 AND protocol=TCP AND (payload_contains="SDM" OR abnormal_packet_size)
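The access-control workaround and the network indicator above can be checked together against firewall logs. The following is an added example, not part of the original page or any vendor tooling: it flags TCP connections to the SDM port from sources outside an allowlist. The key=value log format, the sample lines and the `AUTHORIZED` subnets are constructed assumptions; the port is the one this page gives as typical.

```python
import ipaddress
from collections import Counter

SDM_PORT = 1217  # port this page gives as typical for SDM; confirm for your site

# Hypothetical allowlist: sources permitted to reach the controllers.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.10/32")]

# Constructed sample lines in an assumed generic key=value firewall format.
SAMPLE_LOG = """\
2025-01-10T08:00:01Z action=allow proto=tcp src=10.20.0.5 dst=10.30.1.2 dport=1217
2025-01-10T08:00:07Z action=allow proto=tcp src=192.0.2.44 dst=10.30.1.2 dport=1217
2025-01-10T08:00:09Z action=allow proto=tcp src=192.0.2.44 dst=10.30.1.3 dport=1217
2025-01-10T08:01:15Z action=allow proto=udp src=192.0.2.44 dst=10.30.1.2 dport=1217
2025-01-10T08:02:30Z action=deny proto=tcp src=198.51.100.9 dst=10.30.1.2 dport=1217
2025-01-10T08:03:00Z action=allow proto=tcp src=192.0.2.44 dst=10.30.1.2 dport=443
malformed line without fields
"""

def parse_line(line):
    """Return a dict of key=value fields, or None if required fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    if not {"action", "proto", "src", "dst", "dport"} <= fields.keys():
        return None
    return fields

def is_authorized(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as unauthorized
    return any(addr in net for net in AUTHORIZED)

def unauthorized_sdm_connections(log_text):
    """Count (src, dst, action) for TCP traffic to SDM_PORT from unlisted sources."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f["proto"] != "tcp" or not f["dport"].isdigit():
            continue
        if int(f["dport"]) != SDM_PORT or is_authorized(f["src"]):
            continue
        hits[(f["src"], f["dst"], f["action"])] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, action), n in sorted(unauthorized_sdm_connections(SAMPLE_LOG).items()):
        print(f"{action.upper():5} {src} -> {dst}:{SDM_PORT} x{n}")
```

Entries with `action=allow` show where the access control list still lets unlisted sources reach the controller; `deny` entries confirm the rule is working and are useful as a baseline.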