VYPR
Advisory · Published May 21, 2026 · 1 source

CISA Warns of Critical SQLite Flaws in ABB B&R Automation Studio, CVSS 9.8

CISA has issued an advisory for over 20 vulnerabilities in ABB B&R Automation Studio, including critical SQLite flaws with CVSS scores up to 9.8 that could allow remote code execution.

CISA published an advisory on May 21, 2026, warning of multiple critical vulnerabilities in ABB B&R Automation Studio versions prior to 6.5. The flaws, inherited from outdated SQLite components, include heap-based buffer overflows, integer overflows, and use-after-free issues, with CVSS scores reaching 9.8. An attacker could exploit these remotely to achieve unauthorized access, data exposure, or remote code execution.

The advisory covers over 20 CVEs, including CVE-2025-6965, CVE-2025-3277, and CVE-2023-7104, among others. CVE-2025-6965 involves a memory corruption issue in SQLite versions before 3.50.2 where the number of aggregate terms could exceed available columns. CVE-2025-3277 is an integer overflow in SQLite's concat_ws() function that can lead to a massive heap buffer overflow of approximately 4GB. CVE-2023-7104 is a heap-based buffer overflow in the sessionReadRecord function.
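As an added example (not code from the advisory, CISA or ABB), the inventory helper below scans a directory for files that embed a SQLite version string and flags builds older than 3.50.2, the fixed release the advisory names for CVE-2025-6965. The "3.X.Y" string search is a heuristic assumption about how SQLite builds expose their version, so hits are leads for review; the sample bytes used to exercise it are constructed.

```python
"""Inventory helper: flag binaries embedding a SQLite build older than 3.50.2."""
import re
from pathlib import Path

# CVE-2025-6965 is fixed in SQLite 3.50.2 per the advisory; older builds are affected.
FIXED_VERSION = (3, 50, 2)

# Assumption/heuristic: SQLite builds carry SQLITE_VERSION as a plain "3.X.Y"
# C string. Unrelated libraries can match too, so treat hits as leads, not proof.
VERSION_RE = re.compile(rb"(?<![\d.])3\.(\d{1,2})\.(\d{1,2})(?![\d.])")


def parse_version(text):
    """'3.50.2' -> (3, 50, 2); raises ValueError on malformed input."""
    major, minor, patch = (int(p) for p in text.strip().split("."))
    return (major, minor, patch)


def is_affected(version, fixed=FIXED_VERSION):
    """True when the SQLite version string is older than the fixed release."""
    return parse_version(version) < fixed


def embedded_sqlite_versions(blob):
    """Distinct SQLite-looking version strings in a binary, oldest first.
    Only blobs that mention 'sqlite' at all are considered, which trims
    false positives from unrelated '3.x.y' strings."""
    if b"sqlite" not in blob.lower():
        return []
    versions = {m.group(0).decode("ascii") for m in VERSION_RE.finditer(blob)}
    return sorted(versions, key=parse_version)


def scan_blobs(named_blobs):
    """Return [(name, version)] for every blob carrying an affected SQLite version."""
    findings = []
    for name, blob in named_blobs:
        for version in embedded_sqlite_versions(blob):
            if is_affected(version):
                findings.append((name, version))
    return findings


def scan_tree(root):
    """Walk a directory (e.g. an Automation Studio install) and scan every file."""
    paths = (p for p in Path(root).rglob("*") if p.is_file())
    return scan_blobs((str(p), p.read_bytes()) for p in paths)


if __name__ == "__main__":
    import sys
    for name, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{name}: embedded SQLite {version} is older than 3.50.2")
```

Run it against the installation directory; any file it lists should be checked against the vendor's bill of materials before the 6.5 update is scheduled.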

ABB B&R Automation Studio is an integrated development environment used for programming and configuring industrial automation systems. The software is deployed worldwide across the energy sector, with the vendor headquartered in Switzerland. The vulnerabilities affect all versions prior to 6.5, which ABB has released to remediate the issues.

ABB recommends that customers apply the update at their earliest convenience. The process to install updates is described in the user manual, along with steps to identify the installed product version. The vendor also advises referring to the section on general security recommendations for advice on how to keep systems secure.

Although no successful exploitation was observed during testing of the affected B&R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution. The critical severity of these flaws, combined with the network-based attack vector and low complexity, makes them particularly dangerous for industrial environments.

This advisory follows a pattern of CISA warnings for ABB products. Earlier in May 2026, CISA warned of three vulnerabilities in ABB B&R Automation Runtime, including a session hijack flaw (CVE-2025-3449). The agency also recently warned of UEFI PXE flaws in ABB B&R industrial PCs and an insecure default in ABB Automation Builder Gateway. These repeated advisories highlight the ongoing challenge of securing legacy components in industrial control systems.

The vulnerabilities underscore the risks of outdated third-party components in industrial software. SQLite, a widely used embedded database library, has been the source of numerous vulnerabilities over the years, and its inclusion in critical infrastructure software creates a broad attack surface. Organizations using ABB B&R Automation Studio should prioritize updating to version 6.5 to mitigate these risks.

Synthesized by Vypr AI