VYPR
patch · Published May 5, 2026 · Updated May 17, 2026 · 1 source

ABB Patches Critical Denial-of-Service Flaw in B&R Automation Runtime

ABB has issued patches for a resource allocation vulnerability in its B&R Automation Runtime that could allow remote, unauthenticated attackers to cause a permanent denial-of-service condition.

ABB has released security updates to address a critical vulnerability in its B&R Automation Runtime, a component widely used in the critical manufacturing sector. The flaw, identified as CVE-2025-11044, carries a CVSS base score of 6.8 and could allow an unauthenticated, remote attacker to trigger a permanent denial-of-service (DoS) condition on affected industrial control systems (CISA).

The vulnerability resides in the ANSL-Server component of the B&R Automation Runtime and is classified as an "Allocation of Resources Without Limits or Throttling" issue (CWE-770). According to the advisory, an attacker can exploit the flaw by winning a race condition, which ultimately causes the product to stop functioning (CISA). Because the resulting DoS is permanent, the impact on industrial operations could be significant, potentially halting critical manufacturing processes.

The affected software includes Automation Runtime versions prior to 6.5 and Automation Runtime 4 versions prior to R4.93. ABB has addressed the issue in newer releases, specifically Automation Runtime versions 6.5 and higher and Automation Runtime 4 versions R4.93 and higher (CISA). The vendor strongly recommends that all customers apply these updates at their earliest convenience to restore the integrity of their control systems.

For organizations unable to deploy the patches immediately, ABB has provided several mitigation strategies. Because the likelihood of exploitation increases with shorter cycle times in customer projects, adjusting application configurations to use longer cycle times may reduce risk. Additionally, since the runtime is designed for Level 1 of the ABB ICS Cyber Security Reference Architecture, operators should ensure that the Control Network Firewall is properly configured to limit data traffic and the number of concurrent connections to the ANSL server (CISA).

ABB further advises users to test the maximum load capacity of their applications before commissioning and to restrict permitted data traffic to the device to no more than 80% of the measured peak traffic value. These measures are intended to align with the company's "Defense in Depth" guidelines, which emphasize restricting network access to critical components to prevent unauthorized exploitation (CISA).
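The two mitigation paragraphs above describe the same pattern CWE-770 asks for: an explicit ceiling on concurrent connections and on ingress traffic, derived from a measured peak rather than left unbounded. The following is an added example written for this page, not ABB's or B&R's code and not the ANSL protocol; it models an admission controller that enforces a connection cap and an 80%-of-peak traffic budget, the kind of policy a Control Network Firewall or front-end gateway would apply. The port constant, peak values, timestamps and session ids are constructed placeholders.

```python
"""Admission-control model for the ABB mitigation guidance (added example,
hypothetical code). It does not speak ANSL; it shows the bounding logic."""
from collections import deque
from dataclasses import dataclass, field

ANSL_PORT_PLACEHOLDER = 0  # hypothetical; the real ANSL port is not given on the page


def traffic_budget(measured_peak_bytes_per_s: float, fraction: float = 0.8) -> float:
    """Permitted ingress rate: at most 80% of the peak measured during load testing."""
    if measured_peak_bytes_per_s <= 0:
        raise ValueError("peak must be measured before commissioning")
    return measured_peak_bytes_per_s * fraction


@dataclass
class AdmissionController:
    """Bounded allocation: refuse work instead of growing per-connection state without limit."""
    max_connections: int
    budget_bytes_per_s: float
    window_s: float = 1.0
    active: set = field(default_factory=set)
    _events: deque = field(default_factory=deque)  # (timestamp, nbytes) inside the window

    def open(self, conn_id: str) -> bool:
        """Admit a new session only while the concurrent-connection cap is not reached."""
        if len(self.active) >= self.max_connections:
            return False  # CWE-770 mitigation: refuse rather than allocate unboundedly
        self.active.add(conn_id)
        return True

    def close(self, conn_id: str) -> None:
        self.active.discard(conn_id)

    def admit_bytes(self, nbytes: int, now: float) -> bool:
        """Sliding-window token check against the 80%-of-peak traffic budget."""
        while self._events and now - self._events[0][0] >= self.window_s:
            self._events.popleft()  # drop traffic that has aged out of the window
        used = sum(n for _, n in self._events)
        if used + nbytes > self.budget_bytes_per_s * self.window_s:
            return False
        self._events.append((now, nbytes))
        return True


def simulate_burst(max_connections: int, attempts: int) -> dict:
    """Constructed scenario: a burst of session attempts against the controller.
    Returns how many were admitted and how many were refused at the cap."""
    ctl = AdmissionController(max_connections=max_connections, budget_bytes_per_s=1.0)
    admitted = sum(ctl.open(f"session-{i}") for i in range(attempts))
    return {"admitted": admitted, "refused": attempts - admitted}


if __name__ == "__main__":
    # Constructed numbers: a load test measured 10 kB/s peak and 8 sessions.
    print("budget bytes/s:", traffic_budget(10_000))
    print(simulate_burst(max_connections=8, attempts=20))
```

The connection cap and the measured peak are inputs to this model on purpose: the advisory tells operators to measure the load their own application sustains before commissioning, and the 80% figure is applied to that measurement, not to a vendor default.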

This vulnerability highlights the ongoing security challenges within industrial control environments, where resource management flaws can lead to severe operational disruptions. As critical infrastructure sectors continue to rely on integrated automation platforms, the ability to remotely trigger a permanent DoS underscores the need for strict network segmentation and proactive patch management. Organizations operating these systems should monitor vendor advisories closely and implement the recommended firewall restrictions to minimize their attack surface (CISA).

Synthesized by Vypr AI