CISA 2026-05-21

ABB B&R Automation Runtime

Machine-generated analysis · WAYSCloud LLM

The advisory states that the System Diagnostic Manager (SDM) is disabled by default in Automation Runtime 6 and is not intended to be enabled outside secure environments.

Context

ABB B&R Automation Runtime is a software platform used in industrial automation. The advisory identifies three vulnerabilities affecting versions prior to 6.4, including predictable number generation and cross-site scripting, which could allow session takeover or code execution in a browser context. Exploitation would require network access and potentially interaction with web interfaces. Notably, the SDM component involved is disabled by default and the vendor advises against enabling it in unsecured environments.

Operator considerations

Check: Inventory Automation Runtime versions, particularly where SDM may be enabled.
Patch: Upgrade to Automation Runtime 6.4 to resolve the vulnerabilities.
Isolate: Ensure systems with SDM enabled are within secured production networks with strict access controls.

From Cybersecurity and Infrastructure Security Agency ↗

An update is available that resolves a vulnerability identified by B&Rs internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could take over a remote session or execute code in the context of the user’s browser session.

The following versions of ABB B&R Automation Runtime are affected:

Automation Runtime

Read the full advisory on CISA →