B&R Automation Runtime Improper Resource Locking Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in B&R Automation Runtime versions prior to 6.3 and prior to Q4.93. The issue arises from improper resource locking in the System Diagnostics Manager (SDM) component: an unauthenticated, network-based attacker who can reach SDM may send specially crafted messages that cause the affected system node to stop, disrupting system operations.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the affected system node to stop functioning.

Remediation

Users are advised to update to B&R Automation Runtime version 6.3 or Q4.93. Because the System Diagnostics Manager (SDM) is disabled by default in Automation Runtime 6, the update is most urgent for installations where SDM has been enabled; those users are recommended to apply it at the earliest convenience. The process for installing updates is described in the user manual.

Added: Oct 7, 2025, 7:05 PM
Updated: Oct 7, 2025, 7:05 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 7.8
remediation: 8.3
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.