
Vulnerability · CISA · 30d ago

ABB B&R Automation Runtime

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-125-03.json

Summary

ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. An attacker who successfully exploited this vulnerability could cause the product to stop.

The following versions of ABB B&R Automation Runtime are affected:

- Automation Runtime <6.5, >=6.5, =R4.93 (CVE-2025-11044, CVE-2025-11044)

| CVSS | Vendor | Equipment | Vulnerabilities |
| --- | --- | --- | --- |
| v3 6.8 | ABB | ABB B&R Automation Runtime | Allocation of Resources Without Limits or Throttling |

Background

- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-11044

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-11044

Affected Products

ABB B&R Automation Runtime

- Vendor: ABB
- Product Version: ABB Automation Runtime <6.5, ABB Automation Runtime <R4.93
- Product Status: fixed, known_affected

Remediations

Vendor fix

The problem is corrected in the following product versions:

- Automation Runtime 6 versions >= 6.5
- Automation Runtime 4 versions >= R4.93

B&R recommends that customers apply the update at earliest convenience. The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.

Mitigation

The vulnerability cannot be exploited on all devices or across all customer applications. Extensive investigations by B&R have determined that shorter cycle times in customer projects increase th


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-125-03


Shared on IT-Hub by admin