ABB B&R Automation Runtime
Summary
ABB has identified a critical vulnerability in its B&R Automation Runtime product, specifically affecting versions prior to 6.5 and R4.93. An attacker could exploit this flaw to cause a denial-of-service condition, disrupting the product's operation. A patch is available to resolve this issue.
IFF Assessment
This vulnerability allows an attacker to disrupt critical industrial automation systems, which is detrimental to defenders.
Severity
The CVSS score of 6.8 reflects a moderate severity. The attack vector is network, and exploitation requires no privileges and no user interaction, but the impact is limited to denial of service. Exploitation depends on winning a race condition, which adds some complexity.
Defender Context
This advisory highlights a critical vulnerability in industrial control systems (ICS) that could lead to service disruptions. Defenders should prioritize patching ABB B&R Automation Runtime to version 6.5 or R4.93. Network segmentation and strict access controls for these critical systems are crucial mitigation strategies, especially if immediate patching is not feasible.