
CVE-2025-3450: CWE-413 Improper Resource Locking in B&R Industrial Automation Automation Runtime

Severity: Critical
Tags: vulnerability, cve-2025-3450, cwe-413
Published: Tue Oct 07 2025 (10/07/2025, 18:03:53 UTC)
Source: CVE Database V5
Vendor/Project: B&R Industrial Automation
Product: Automation Runtime

Description

An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions.

AI-Powered Analysis

Last updated: 10/15/2025, 01:10:37 UTC

Technical Analysis

CVE-2025-3450 identifies a critical vulnerability, classified as CWE-413 (Improper Resource Locking), in the SDM component of B&R Industrial Automation's Automation Runtime software. The affected versions include 4.0 and 6.0, with fixes expected in versions 6.3 and Q4.93 or later. The flaw stems from improper handling of the component's resource-locking mechanism, which lets an unauthenticated attacker delete data remotely over the network. That deletion disrupts normal operation of the automation runtime environment and results in a denial of service. No authentication or user interaction is required, which makes the flaw readily exploitable. The CVSS 4.0 base score of 9.3 reflects its critical nature: network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on the integrity and availability of the vulnerable system (VI:H, VA:H). The subsequent-system impact metrics are also high (SI:H, SA:H), meaning the effects extend beyond the initially vulnerable component and can affect the wider system. Although no exploits are known in the wild, the potential for disruption in industrial environments is significant given how widely B&R Automation Runtime is used in manufacturing and industrial control systems. Successful exploitation could cause operational downtime, loss of data integrity, and interruption of critical industrial processes.

Potential Impact

For European organizations, especially those in the manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a significant threat. The ability of unauthenticated attackers to remotely delete data and cause a denial of service can lead to operational disruptions, financial losses, and safety risks. Industrial automation systems are often integral to production lines and infrastructure management, so any downtime can have cascading effects on supply chains and service delivery. The impact on availability and integrity could also affect compliance with regulatory requirements such as NIS2 and GDPR if data loss or service interruptions affect personal data processing or critical services. Because no authentication is required, the risk of widespread exploitation rises wherever network defenses are insufficient. The disruption could also undermine trust in automation systems and necessitate costly incident response and recovery efforts.

Mitigation Recommendations

1. Immediately implement network segmentation to isolate the Automation Runtime systems from general IT networks and restrict access to trusted management networks only.
2. Deploy strict firewall rules and access control lists (ACLs) to limit inbound traffic to the SDM component, allowing only necessary and authenticated connections.
3. Monitor network traffic and system logs for unusual deletion commands or anomalies indicative of exploitation attempts.
4. Coordinate with B&R Industrial Automation to obtain and apply patches or updates as soon as they are released for versions 6.3 and Q4.93 or later.
5. Conduct thorough vulnerability assessments and penetration testing focusing on industrial control systems to identify exposure.
6. Implement robust backup and recovery procedures to minimize downtime and data loss in case of successful exploitation.
7. Train operational technology (OT) personnel on recognizing and responding to potential exploitation signs.
8. Consider deploying intrusion detection/prevention systems (IDS/IPS) tailored for the industrial protocols used by Automation Runtime.
9. Review and enhance incident response plans to include scenarios involving denial of service and data deletion in industrial environments.


Technical Details

Data Version: 5.1
Assigner Short Name: ABB
Date Reserved: 2025-04-08T14:10:02.547Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68e558f4a677756fc99b51ff

Added to database: 10/7/2025, 6:16:20 PM

Last enriched: 10/15/2025, 1:10:37 AM

Last updated: 11/21/2025, 12:12:37 AM

