CISA 2026-05-21

ABB B&R PCs

Machine-generated analysis · WAYSCloud LLM

The advisory states that multiple ABB B&R PC models are affected by several vulnerabilities allowing remote code execution, DoS, DNS cache poisoning, or information disclosure.

Context

ABB B&R PCs are industrial computing platforms used in automation and control systems. The advisory states that unpatched versions of these devices are vulnerable to network-based attacks that could lead to remote code execution, denial-of-service, DNS cache poisoning, or extraction of sensitive information. An update is available to address these issues. The same set of nine CVEs applies across all affected models, suggesting a common underlying component or firmware base.

Operator considerations

Check: inventory all ABB B&R PC models listed in the advisory to identify those running vulnerable versions.
Patch: apply the available update to affected devices to remediate the vulnerabilities.

From Cybersecurity and Infrastructure Security Agency ↗

ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information.

The following versions of ABB B&R PCs are affected:

APC4100

Read the full advisory on CISA →