HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical DoS in ABB B&R Automation Runtime System Diagnostics Manager (CVE-2025-3450) Threatens Industrial Control Systems

ABB B&R Automation Runtime versions before 6.3 and Q4.93 contain an Improper Resource Locking flaw (CVE‑2025‑3450) that lets an unauthenticated network attacker trigger a denial‑of‑service. The issue impacts a broad swath of critical‑infrastructure sectors that depend on ABB controllers, creating supply‑chain and operational risk for third‑party relationships.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 cisa.gov
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical DoS in ABB B&R Automation Runtime System Diagnostics Manager (CVE‑2025‑3450) Threatens Industrial Control Systems

What It Is – A newly disclosed CVE‑2025‑3450 describes an Improper Resource Locking flaw in the System Diagnostics Manager (SDM) component of ABB B&R Automation Runtime. The vulnerability allows an unauthenticated network attacker to delete internal data structures, forcing the runtime to halt.

Exploitability – The flaw is network‑accessible, requires no credentials, and has a CVSS v3.1 base score of 10.0 (Critical). No public exploit code has been released, but CISA’s advisory notes that the vulnerability is actively exploitable in the wild.

Affected Products – ABB B&R Automation Runtime versions < 6.3 and < Q4.93 (all deployments of the SDM component).

TPRM Impact

  • A denial‑of‑service in a PLC/automation runtime can halt production lines, leading to supply‑chain delays for downstream manufacturers.
  • Critical‑infrastructure operators (chemical, energy, water, healthcare, etc.) that rely on ABB B&R controllers face operational downtime and potential regulatory penalties.

Recommended Actions

  • Patch immediately – Deploy the ABB‑provided update referenced in the CISA advisory.
  • Segment control‑network traffic – Enforce strict VLANs and firewalls to limit external reach to SDM services.
  • Monitor for abnormal process termination – Deploy IDS/IPS signatures for the known DoS pattern.
  • Validate third‑party contracts – Ensure suppliers using ABB B&R automation have applied the fix and can demonstrate compliance.
  • Update incident‑response playbooks – Include this CVE in your OT‑specific run‑books.

Source: CISA Advisory – ICSA‑26‑146‑04

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-04

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →