Awareness Lessons

ABB B&R Automation Runtime Vulnerabilities Enable Session Hijacking and Code Injection

ABB B&R Automation Runtime systems before version 6.4 contain critical vulnerabilities in the System Diagnostics Manager (SDM) that allow unauthenticated attackers to hijack user sessions, execute malicious JavaScript, and inject formulas into exported data. These flaws stem from predictable session identifiers, inadequate input validation, and insufficient output encoding: fundamental security controls that were not properly implemented. Industrial control systems like these are critical infrastructure components, which makes these vulnerabilities particularly dangerous, since they could let attackers compromise operational technology environments. That SDM is disabled by default highlights the importance of secure configuration practices and of understanding which optional features introduce security risk.

Tactical Insight

Immediate actions

  • Upgrade all ABB B&R Automation Runtime systems to version 6.4 or later
  • Verify the System Diagnostics Manager is disabled unless it is explicitly required for operations
  • Scan industrial networks for vulnerable automation systems using asset discovery tools

Configuration hardening

  • Implement network segmentation to isolate operational technology systems from corporate networks
  • Deploy web application firewalls to filter malicious input on any exposed industrial interfaces
  • Enable secure session management controls, including random session tokens and timeout policies
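
The three missing controls named in the summary (unpredictable session identifiers, output encoding before rendering, and neutralizing formula-looking cells in exported data) and the session-token and timeout hardening bullet above map onto a small amount of code. The following is an added illustration written for this lesson, not code from ABB, B&R or the Automation Runtime product; the timeout values, the SessionStore class and the sample rows are constructed assumptions chosen to show the pattern.

```python
import csv
import hmac
import html
import io
import secrets
import time

# Constructed policy values for this illustration (not taken from the advisory).
IDLE_TIMEOUT_S = 15 * 60        # expire after 15 minutes without activity
ABSOLUTE_TIMEOUT_S = 8 * 3600   # expire 8 hours after login regardless of activity
TOKEN_BYTES = 32                # 256 bits of entropy per session identifier


class SessionStore:
    """Minimal server-side session table with unguessable IDs and timeouts.

    A 'now' callable is injectable so the timeout logic can be exercised
    with a fake clock instead of sleeping.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}  # token -> {"user", "created", "last_seen"}

    def create(self, user):
        # secrets.token_urlsafe draws from the OS CSPRNG. The token is not
        # derived from time, a counter or user data, so it cannot be predicted
        # from earlier tokens, which is the defect the advisory describes.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        now = self._now()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token):
        """Return the user for a live session, or None (revoking on expiry)."""
        # Constant-time comparison so response timing does not reveal how many
        # leading characters of a presented token matched a stored one.
        match = next((t for t in self._sessions if hmac.compare_digest(t, token)), None)
        if match is None:
            return None
        sess = self._sessions[match]
        now = self._now()
        idle_expired = now - sess["last_seen"] > IDLE_TIMEOUT_S
        absolute_expired = now - sess["created"] > ABSOLUTE_TIMEOUT_S
        if idle_expired or absolute_expired:
            del self._sessions[match]
            return None
        sess["last_seen"] = now
        return sess["user"]

    def revoke(self, token):
        """Server-side logout: the token stops working even if a copy exists."""
        self._sessions.pop(token, None)


def encode_for_html(value):
    """Output-encode untrusted text before placing it in an HTML page body."""
    return html.escape(str(value), quote=True)


# Leading characters that make common spreadsheet software treat a cell as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Prefix formula-looking cells with a quote so they are read as text."""
    text = str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def export_csv(rows, header):
    """Write rows to CSV with every cell neutralized against formula injection."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    store = SessionStore()
    token = store.create("operator")
    print("session token:", token)
    print("validated as:", store.validate(token))
    # Constructed sample of a diagnostic label that contains markup.
    print("html-encoded:", encode_for_html("<b>pump-01</b>"))
    # Constructed sample row whose first cell would otherwise become a formula.
    print(export_csv([["=SUM(1,2)", "pump-01"]], ["value", "tag"]))
```

The idle and absolute timeouts are independent: a session that is refreshed every few minutes still dies at the absolute limit, which bounds how long a stolen token stays usable. The CSV step keeps the original cell content (only a leading quote is added), so exports remain readable while no longer being executable.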

Long-term security

  • Establish vulnerability management processes specifically for industrial control systems
  • Create security baselines for all automation platform configurations
  • Implement regular security assessments of operational technology environments