ABB B&R Automation Runtime

Summary

ABB became aware of a vulnerability in the product versions listed as affected in this advisory. An update is available that resolves the vulnerability. An attacker who successfully exploited this vulnerability could cause the product to stop.

The following versions of ABB B&R Automation Runtime are affected:

  • Automation Runtime <6.5, >=6.5, =R4.93 (CVE-2025-11044)

CVSS: v3 6.8
Vendor: ABB
Equipment: ABB B&R Automation Runtime
Vulnerabilities: Allocation of Resources Without Limits or Throttling

Background

  • Critical Infrastructure Sectors: Critical Manufacturing
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-11044

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.


Affected Products

ABB B&R Automation Runtime
Vendor:
ABB
Product Version:
ABB Automation Runtime <6.5, ABB Automation Runtime <R4.93
Product Status:
fixed, known_affected
Remediations

Vendor fix
The problem is corrected in the following product versions:

  • Automation Runtime 6 versions >= 6.5
  • Automation Runtime 4 versions >= R4.93

B&R recommends that customers apply the update at the earliest convenience. The process to install updates is described in the user manual. The step to identify the installed product version is also described in the user manual.

Mitigation
The vulnerability cannot be exploited on all devices or across all customer applications. Extensive investigations by B&R have determined that shorter cycle times in customer projects increase the likelihood of potential exploitation. For customers unable to transition to a patched version, adjusting their application configuration to longer cycle times may therefore be considered as a mitigating measure.

B&R Automation Runtime is designed to be operated on Level 1 of the ABB ICS Cyber Security Reference Architecture. Exploitation of the vulnerability from outside Level 1 would require an attacker to bypass the Control Network Firewall. Limiting the maximum data traffic and the maximum number of concurrent connections to the ANSL server of Automation Runtime on the Control Network Firewall shall be considered to mitigate this vulnerability.

B&R further recommends, in alignment with its Defense in Depth for B&R Products guidelines, that customers:

  • Test the maximum load capacity of their application under Automation Runtime before commissioning.
  • Restrict the permitted data traffic to the device via the Control Network Firewall to no more than 80% of the measured peak traffic value.

Refer to section “General security recommendations” for further advice on how to keep your system secure.
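As an added illustration of the firewall-side mitigation described above (this ruleset is not configuration from ABB, B&R or CISA), the following nftables ruleset for a Control Network Firewall in the forward path caps the number of concurrent TCP sessions to the controller's ANSL server and drops traffic above a byte-rate ceiling. The controller address 192.0.2.10, the session cap of 8 and the rate figures are placeholders; TCP port 11159 is assumed to be the ANSL default and must be checked against B&R documentation; the byte-rate ceiling is set to 80% of a peak that is assumed here to have been measured as 10 mbytes/second during load testing, as the advisory recommends.

```nftables
# Added example ruleset, not taken from the advisory or from B&R.
# Assumptions: controller at 192.0.2.10 (placeholder), ANSL on TCP 11159
# (assumed default, verify in B&R documentation), load test measured a peak
# of 10 mbytes/second, so the permitted rate is 80% of that: 8 mbytes/second.
table inet control_net_fw {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Packets of already accepted ANSL sessions are subject to the byte-rate cap.
        ip daddr 192.0.2.10 tcp dport 11159 ct state established,related limit rate over 8 mbytes/second counter drop comment "ANSL byte-rate cap (80% of measured peak)"

        # All other packets of established flows pass.
        ct state established,related accept

        # New ANSL sessions: refuse once the placeholder cap of 8 concurrent sessions to the server is reached.
        ip daddr 192.0.2.10 tcp dport 11159 ct state new ct count over 8 counter drop comment "ANSL concurrent session cap"
        ip daddr 192.0.2.10 tcp dport 11159 ct state new counter accept

        # Everything else toward the controller is dropped; logged so drops are visible to monitoring.
        ip daddr 192.0.2.10 counter log prefix "ctrl-net-fw drop: " drop
    }
}
```

The two counters on the drop rules give an operator a direct measure of how often each limit is hit, which is the signal to watch when tuning the placeholders: a session cap that is reached during normal engineering-station use is set too low, while a byte-rate cap that never triggers during commissioning load tests is set higher than the 80% figure the advisory suggests.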

Relevant CWE: CWE-770 Allocation of Resources Without Limits or Throttling


Metrics

CVSS Version: 3.1
Base Score: 6.8
Base Severity: MEDIUM
Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:O/RC:C

Acknowledgments

  • ABB PSIRT reported this vulnerability to CISA.

Notice

The information in this document i


This article has been indexed from All CISA Advisories