Machine-generated analysis · WAYSCloud LLM
The vulnerability affects the OPC-UA server in B&R PPT30 Operating System versions prior to 1.8.0 and could be exploited by an unauthenticated network-based attacker to block access to the service.
Context
The B&R PPT30 Operating System is used in industrial automation environments. The advisory states that an unauthenticated network-based attacker could exploit the vulnerability to permanently prevent legitimate users from accessing the OPC-UA server. The OPC-UA server is not activated by default, which limits exposure. The vendor has released version 1.8.0 to fix the issue.
Operator considerations
Check: Verify whether the OPC-UA server is enabled on B&R PPT30 Operating System devices.
Patch: Upgrade to PPT30 Operating System version 1.8.0 if the OPC-UA server is enabled.
Isolate: Restrict network access to devices running the affected system if the OPC-UA server is in use.
Log: Monitor network traffic to and from the OPC-UA server for unusual activity.
B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible.
The following versions of B&R PPT30 Operating System are affected:
PPT30 Operating System