VYPR
advisoryPublished May 5, 2026· Updated May 17, 2026· 1 source

ABB Patches Critical Certificate Validation Flaw in B&R Automation Studio

ABB has patched a high-severity certificate validation vulnerability in its B&R Automation Studio software that could allow attackers to intercept and spoof secure industrial communications.

ABB has released a security update for its B&R Automation Studio software to address a critical vulnerability that could allow an attacker to intercept and manipulate sensitive data exchanges. The flaw, tracked as CVE-2025-11043, carries a CVSS v3.1 base score of 7.4, classifying it as high severity CISA.

The vulnerability stems from improper certificate validation within the OPC-UA and ANSL over TLS client implementations used by the software CISA. Because the system fails to adequately verify server certificates, an unauthenticated attacker positioned on the network could perform a man-in-the-middle attack. By intercepting and redirecting communications between the Automation Studio environment and a target server, the attacker can masquerade as a trusted party, potentially interfering with or altering data exchanges CISA.

The issue affects all versions of ABB B&R Automation Studio prior to version 6.5 CISA. B&R Automation Studio is a comprehensive development environment used for automation solutions, including control, motion technology, HMI, and integrated safety systems. Given its role in critical manufacturing, the vulnerability poses a significant risk to operational technology environments worldwide CISA.

To remediate the flaw, ABB has released version 6.5 of B&R Automation Studio, which includes the necessary security fixes CISA. The company urges users to update their software at their earliest convenience. Detailed instructions for identifying the currently installed version and performing the update process can be found in the product's user manual CISA.

In addition to applying the patch, ABB recommends specific operational mitigations to reduce the risk of exploitation. The vendor advises that B&R Automation Studio should be operated within Level 2 of the ABB ICS Cyber Security Reference Architecture when connecting to Level 1 devices via ANSL over TLS or OPC-UA CISA. By maintaining these connections within a trusted, segmented network environment, the likelihood of an attacker successfully intercepting traffic and presenting manipulated certificates is significantly reduced CISA.

This vulnerability highlights the ongoing challenges of securing industrial control systems against network-based interception attacks. As organizations continue to integrate automation software with broader network infrastructures, ensuring robust certificate validation remains a critical component of maintaining the integrity of industrial communications. Users should monitor vendor advisories for further security updates and adhere to established ICS security architectures to defend against similar threats CISA.

Synthesized by Vypr AI