ABB Addresses Impersonation Vulnerability in B&R Automation Studio (CVE-2025-11043)
ABB has patched a high-severity vulnerability (CVE-2025-11043) in its B&R Automation Studio that could allow attackers to impersonate trusted parties.
ABB has released security updates for its B&R Automation Studio software to address a vulnerability related to improper certificate validation. The vulnerability, CVE-2025-11043, affects Automation Studio version 6.5 and all earlier versions.
This vulnerability could allow an attacker to masquerade as a trusted party when B&R Automation Studio establishes a connection with a server using the ANSL over TLS or OPC-UA protocols. This could lead to man-in-the-middle attacks or unauthorized access to systems. The CVSS score for this vulnerability is 7.4, indicating high severity.
ABB has provided an update that resolves this issue. Users of ABB B&R Automation Studio are advised to update their software to the latest version to mitigate the risk of impersonation and potential security breaches. The vulnerability affects deployments in critical manufacturing sectors globally.