CVE-2025-3450

B&R · B&R Industrial Automation Automation Runtime

A critical vulnerability has been identified in B&R Industrial Automation Automation Runtime, a platform commonly used in industrial control systems.

Executive summary

This flaw in B&R Industrial Automation Automation Runtime, a platform commonly used in industrial control systems, is rated with the highest possible severity score. It could allow a remote attacker to cause a complete system shutdown or potentially execute malicious code, leading to a total loss of control over industrial processes and creating significant operational and safety risks.

Vulnerability

The vulnerability is an Improper Resource Locking flaw. This type of defect occurs when the software does not correctly manage access to a shared resource, creating a race condition. A remote, unauthenticated attacker could send a sequence of specially crafted requests to the affected system, exploiting this race condition to trigger a deadlock or memory corruption. Successful exploitation could cause the system to become completely unresponsive, resulting in a denial-of-service, or could potentially be leveraged to achieve arbitrary code execution, giving the attacker full control over the industrial controller.

Business impact

This vulnerability represents a critical risk to the organization, reflected by its CVSS score of 10. Exploitation could result in the complete disruption of operational technology (OT) environments that rely on B&R Automation Runtime. Potential consequences include immediate production stoppage, financial losses due to downtime, damage to physical equipment, and potential risks to personnel safety. A successful attack could compromise the integrity and availability of critical industrial processes, leading to significant reputational damage and regulatory scrutiny.

Remediation

Immediate Action: Per vendor guidance, immediately update all instances of B&R Industrial Automation Automation Runtime to a patched version (6.3, Q4.93, or later). After patching, closely monitor affected systems for any signs of exploitation attempts and review system and network access logs for anomalous activity preceding the update.

Proactive Monitoring: Implement enhanced monitoring on networks hosting the affected systems. Look for unusual traffic patterns, repeated connection attempts, or unexpected system reboots or crashes. System logs should be monitored for errors related to resource contention, deadlocks, or application faults that could indicate an exploitation attempt.
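As an added example (not part of this advisory or of any vendor tooling), a small Python correlation check that applies the monitoring guidance above to constructed log lines: it flags a source that opens a burst of connections to a controller shortly before that controller logs a deadlock, resource-contention error, application fault or reboot. The log format, host addresses, time window and burst threshold are assumptions.

```python
# Added example, not vendor code: correlate a burst of connections to one
# controller with a fault/deadlock/reboot message shortly after. The log
# format, hosts, window and threshold are assumptions, not B&R's formats.
from collections import defaultdict
from datetime import datetime, timedelta
import re

CONN_RE = re.compile(r"^(\S+) conn src=(\S+) dst=(\S+)$")   # constructed format
FAULT_RE = re.compile(r"^(\S+) fault host=(\S+) msg=(.+)$")  # constructed format
FAULT_KEYWORDS = ("deadlock", "resource contention", "reboot", "application fault")


def parse(lines):
    """Split lines into connection events and controller fault events."""
    conns, faults = [], []
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            conns.append((datetime.fromisoformat(m[1]), m[2], m[3]))
            continue
        m = FAULT_RE.match(line)
        if m and any(k in m[3].lower() for k in FAULT_KEYWORDS):
            faults.append((datetime.fromisoformat(m[1]), m[2], m[3]))
    return conns, faults


def correlate(lines, window=timedelta(seconds=30), burst=5):
    """One alert per (controller, source) with >= `burst` connections from
    `source` to the controller inside `window` before a fault on it."""
    conns, faults = parse(lines)
    alerts = []
    for f_time, host, msg in faults:
        per_src = defaultdict(int)
        for c_time, src, dst in conns:
            if dst == host and f_time - window <= c_time <= f_time:
                per_src[src] += 1
        for src, n in sorted(per_src.items()):
            if n >= burst:
                alerts.append({"controller": host, "source": src,
                               "connections": n, "fault": msg})
    return alerts


# Constructed sample: five rapid connections from 10.0.0.5, one benign
# connection from 10.0.0.9, then the controller reports a deadlock.
SAMPLE = [f"2025-06-01T10:00:0{i} conn src=10.0.0.5 dst=10.0.1.20" for i in range(5)] + [
    "2025-06-01T10:00:05 conn src=10.0.0.9 dst=10.0.1.20",
    "2025-06-01T10:00:09 fault host=10.0.1.20 msg=runtime deadlock detected, restarting",
]
```

Running `correlate(SAMPLE)` returns a single alert for 10.0.0.5 with five connections; the single connection from 10.0.0.9 stays below the threshold and is not reported.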

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

  • Segment the network to isolate affected industrial control systems from corporate IT networks and the internet.
  • Use a firewall or Access Control Lists (ACLs) to strictly limit network access to the affected devices, allowing connections only from trusted management systems.
  • Deploy an Intrusion Prevention System (IPS) with rulesets designed to detect and block anomalous traffic patterns indicative of exploitation.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the critical severity (CVSS 10) of this vulnerability, immediate action is required. All affected B&R Automation Runtime assets must be identified and patched on an emergency basis. Although this CVE is not currently on the CISA KEV list, its critical nature makes it a prime candidate for future inclusion. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to reduce the attack surface and mitigate the severe risk to operational continuity and safety.