Medium severity6.1NVD Advisory· Published Oct 14, 2025· Updated Apr 15, 2026
CVE-2025-11498
CVE-2025-11498
Description
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitation of this vulnerability requires the attacker to create a malicious link. The user would need to click on this link, after which the resulting CSV file addi-tionally needs to be manually opened.
Affected products
2- Range: <6.4
- Range: <6.4
Patches
Vulnerability mechanics
References
1News mentions
1- ABB B&R Automation RuntimeCISA ICS Advisories