CISA 2026-05-05

ABB B&R Automation Runtime

CVE-2025-11044

Machine-generated analysis · WAYSCloud LLM

An unauthenticated network attacker can trigger a permanent DoS via race condition in ANSL-Server. The advisory notes shorter cycle times in customer projects increase exploitation likelihood.

Context

ABB B&R Automation Runtime is an industrial control system runtime environment. The advisory states an unauthenticated network attacker can exploit a resource allocation vulnerability to cause permanent denial-of-service. Worth noting: the vendor indicates exploitation probability varies with application-specific cycle times.

Operator considerations

Check: Inventory ABB Automation Runtime versions below 6.5 or R4.93
Patch: Upgrade to Automation Runtime ≥6.5 or ≥R4.93
Log: Monitor for service disruptions on unpatched devices

From Cybersecurity and Infrastructure Security Agency ↗

ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. An attacker who successfully exploited this vulnerability could cause the product to stop.

The following versions of ABB B&R Automation Runtime are affected:

Automation Runtime =6.5, =R4.93 (CVE-2025-11044, CVE-2025-11044)

Vendor

Equipment

ABB

ABB B&R Automation Runtime

Allocation of Resources Without Limits or Throttling

Critical Infrastructure Sectors: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Switzerland

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the net-work to win a race condition, resulting in permanent...

Read the full advisory on CISA →