Medium severity4.2NVD Advisory· Published Oct 7, 2025· Updated Apr 15, 2026
CVE-2025-3449
CVE-2025-3449
Description
A Generation of Predictable Numbers or Identifiers vulnerability in the SDM component of B&R Automation Runtime versions before 6.4 may allow an unauthenticated network-based attacker to take over already established sessions.
Affected products
1- Range: <6.4
Patches
Vulnerability mechanics
References
1News mentions
1- ABB B&R Automation RuntimeCISA ICS Advisories