---
title: "ABB B&R Automation Runtime Vulnerability Exposes Critical Systems to DoS Attacks"
short_title: "ABB Automation Runtime DoS vulnerability patched"
description: "ABB patches a medium-severity DoS vulnerability (CVE-2025-11044) in B&R Automation Runtime. Learn how to secure your systems and mitigate risks."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, automation runtime, dos, cve-2025-11044, ics security]
score: 0.65
cve_ids: [CVE-2025-11044]
---
## TL;DR
ABB has released patches for a medium-severity vulnerability (CVE-2025-11044) in its B&R Automation Runtime software. If exploited, this flaw could allow unauthenticated attackers to cause permanent denial-of-service (DoS) conditions on affected devices. Organizations using Automation Runtime versions prior to 6.5 or R4.93 are urged to apply updates immediately and implement recommended mitigations.
Main Content
### Introduction
Industrial control systems (ICS) are the backbone of critical manufacturing and infrastructure sectors worldwide. A recently disclosed vulnerability in ABB’s B&R Automation Runtime highlights the ongoing risks faced by these systems. ABB has addressed a resource allocation flaw (CVE-2025-11044) that could enable attackers to disrupt operations by exploiting insufficient throttling mechanisms in the ANSL-Server component. This article explores the technical details, impact, and steps organizations can take to secure their systems.
### Key Points
- Vulnerability Identified: CVE-2025-11044 affects ABB B&R Automation Runtime versions prior to 6.5 and R4.93.
- Exploitation Risk: Unauthenticated attackers on the network can exploit this flaw to cause permanent DoS conditions.
- Affected Sectors: Primarily impacts critical manufacturing sectors worldwide.
- Patch Available: ABB has released updates (Automation Runtime 6.5+ and R4.93+) to resolve the issue.
- Mitigation Strategies: Adjusting cycle times, limiting network traffic, and implementing firewall rules can reduce exploitation risks.
### Technical Details
The vulnerability stems from an Allocation of Resources Without Limits or Throttling flaw in the ANSL-Server component of ABB B&R Automation Runtime. Specifically:
- Attackers can exploit a race condition by sending specially crafted messages to the affected system.
- Successful exploitation leads to permanent DoS conditions, rendering the device inoperable.
- The flaw is classified as medium severity (CVSS 6.8) due to its high attack complexity and the requirement for network access.
#### CVSS Metrics
| Metric | Value |
|--------------------------|---------------------------------------------------------------------------|
| CVSS Version | 3.1 |
| Base Score | 6.8 |
| Severity | Medium |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:O/RC:C |
### Impact Assessment
#### Potential Consequences
- Operational Disruption: Exploitation could lead to permanent DoS conditions, halting production lines and critical processes.
- Financial Losses: Downtime in manufacturing environments can result in significant financial losses and delays.
- Safety Risks: In some cases, abrupt system failures could pose safety risks to personnel and equipment.
#### Attack Vector
- Remote Exploitation: Attackers with network access to the affected system can exploit this vulnerability.
- No Authentication Required: The flaw does not require authentication, increasing the risk of exploitation.
- Firewall Bypass: Exploitation from outside Level 1 of the ABB ICS Cyber Security Reference Architecture would require bypassing a Control Network Firewall.
### Mitigation Steps
ABB has provided patches and mitigation strategies to address this vulnerability:
#### 1. Apply Updates
- Update to Automation Runtime 6.5 or later for version 6 users.
- Update to Automation Runtime R4.93 or later for version 4 users.
- Follow ABB’s user manual for update instructions.
#### 2. Adjust Application Configuration
- For customers unable to update immediately, increasing cycle times in customer projects may reduce exploitation risks.
#### 3. Network-Level Protections
- Limit Data Traffic: Restrict the maximum data traffic and concurrent connections to the ANSL server via the Control Network Firewall.
- Isolate Systems: Ensure Automation Runtime operates on Level 1 of the ABB ICS Cyber Security Reference Architecture.
- Test Load Capacity: Before commissioning, test the maximum load capacity of applications under Automation Runtime.
- Restrict Traffic: Limit permitted data traffic to no more than 80% of the measured peak traffic value.
#### 4. General Security Recommendations
- Physical Protection: Ensure control systems are physically protected and not directly connected to the internet.
- Firewall Configuration: Use firewalls to separate control system networks from business networks.
- Remote Access: When remote access is required, use secure methods like VPNs (ensure VPNs are updated and patched).
- Monitor for Malicious Activity: Follow established procedures to report and track suspicious activity.
### Affected Systems
The following versions of ABB B&R Automation Runtime are affected:
- Automation Runtime versions prior to 6.5
- Automation Runtime versions prior to R4.93
## Conclusion
The discovery of CVE-2025-11044 underscores the importance of proactive cybersecurity measures in industrial environments. While the vulnerability is classified as medium severity, its potential to cause permanent DoS conditions makes it a critical concern for organizations relying on ABB’s B&R Automation Runtime. By applying the latest patches, adjusting configurations, and implementing network-level protections, organizations can significantly reduce their risk exposure.
Stay vigilant, prioritize updates, and adhere to defense-in-depth strategies to safeguard critical infrastructure from emerging threats.
## References
[^1]: ABB PSIRT. "Security Advisory SA25P005: ABB B&R Automation Runtime Vulnerability". Retrieved 2025-01-24.
[^2]: CISA. "ICS Advisory ICSA-26-125-03: ABB B&R Automation Runtime". Retrieved 2025-01-24.
[^3]: MITRE. "CWE-770: Allocation of Resources Without Limits or Throttling". Retrieved 2025-01-24.