B&R Automation Runtime
cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*
- < 6.4
A vulnerability has been identified in the System Diagnostic Manager (SDM) component of B&R Automation Runtime, specifically in versions prior to 6.4. This vulnerability arises from the generation of predictable session tokens, which could allow an unauthenticated network-based attacker to take over established user sessions. The issue is exacerbated by the lack of session-specific data processing and authentication mechanisms at the session level in the SDM.
Exploitation of this vulnerability could lead to unauthorized takeover of user sessions in the context of the SDM component.
Users are advised to update to B&R Automation Runtime version 6.4 or later. For those using the System Diagnostic Manager, B&R recommends applying the update based on a risk assessment at the earliest convenience. The process to install updates is described in the user manual.