CVE-2025-3450 | THREATINT

Description

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

PUBLISHED Reserved 2025-04-08 | Published 2025-10-07 | Updated 2025-10-08 | Assigner ABB

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-413 Improper Resource Locking

Product status

Default status

unaffected

6.0 before 6.3

affected

4.0 before Q4.93

affected

References

www.br-automation.com/fileadmin/SA25P002-f6a69e61.pdf

cve.org (CVE-2025-3450)

nvd.nist.gov (CVE-2025-3450)

Download JSON