B&R Industrial Automation
Cyber Security Advisory for B&R Automation Runtime
Pages
6
Time to read
9 mins
Publication
Language
English
This document is a Cyber Security Advisory detailing vulnerabilities in the System Diagnostic Manager (SDM) of B&R Automation Runtime versions prior to 6.4. It describes how potential product issues are identified through a rigorous internal cyber security process. The advisory informs customers about specific vulnerabilities, including CVE-2025-3449, CVE-2025-3448, and CVE-2025-11498, which could allow unauthorized access or code execution in user sessions. It emphasizes the importance of applying updates and of disabling the SDM on unsecured systems, and it recommends further mitigations for these vulnerabilities, such as avoiding hyperlinks from untrusted sources and employing external Web Application Firewalls. The advisory aims to ensure that customers are informed about the vulnerabilities and the steps necessary to protect their systems. It also clarifies that the release of this advisory does not indicate an active threat.