---
title: "Critical Flaw in ABB B&R Automation Studio Exposes Industrial Systems to Attacks"
short_title: "ABB Automation Studio vulnerability exposes ICS to spoofing"
description: "ABB warns of a high-severity flaw (CVE-2025-11043) in B&R Automation Studio that could let attackers spoof trusted servers. Learn how to patch and mitigate risks now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [abb, automation-studio, cve-2025-11043, ics-security, opc-ua]
score: 0.78
cve_ids: [CVE-2025-11043]
---
## TL;DR
ABB has disclosed a high-severity vulnerability (CVE-2025-11043) in its B&R Automation Studio software, affecting versions prior to 6.5. The flaw allows attackers to spoof trusted servers during data exchanges via ANSL over TLS or OPC-UA, potentially leading to data interception or manipulation. A patch is available, and ABB urges users to update immediately to secure industrial control systems (ICS).
Main Content
### Introduction
Industrial automation systems are the backbone of critical manufacturing infrastructure, and their security is paramount. ABB, a global leader in industrial technology, has issued an urgent advisory regarding a high-severity vulnerability in its B&R Automation Studio software. Tracked as CVE-2025-11043, this flaw could enable attackers to masquerade as trusted parties during secure communications, compromising the integrity and confidentiality of data. With affected systems deployed worldwide, this vulnerability poses a significant risk to industrial operations.
### Key Points
- Vulnerability: Improper certificate validation in ANSL over TLS and OPC-UA clients.
- Impact: Attackers can spoof trusted servers, intercept data, or alter communications.
- Affected Versions: Automation Studio versions prior to 6.5.
- Severity: CVSS 7.4 (High).
- Solution: Update to Automation Studio 6.5 or follow ABB’s mitigation guidelines.
### Technical Details
#### The Vulnerability
CVE-2025-11043 stems from improper certificate validation in the OPC-UA client and ANSL over TLS client used in ABB’s B&R Automation Studio. This flaw allows an unauthenticated attacker on the same network to intercept and manipulate data exchanges by presenting a maliciously crafted certificate. The vulnerability is classified under CWE-295 (Improper Certificate Validation).
#### Attack Vector
To exploit this flaw, an attacker must:
1. Gain access to the target network, either physically or through a compromised firewall.
2. Redirect traffic between Automation Studio and the target server using techniques like ARP spoofing or DNS manipulation.
3. Present a manipulated certificate that passes validation checks, tricking the client into trusting the attacker’s server.
Successful exploitation could lead to:
- Data interception: Capturing sensitive information transmitted between systems.
- Data manipulation: Altering commands or responses during transit.
- Disruption of operations: Causing malfunctions in industrial processes.
#### CVSS Metrics
The vulnerability has been assigned a CVSS v3.1 base score of 7.4 (High), with the following vector:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Attack Vector (AV): Network (remote exploitation possible).
- Attack Complexity (AC): High (requires specific conditions).
- Privileges Required (PR): None.
- User Interaction (UI): None.
- Scope (S): Unchanged.
- Confidentiality (C): High.
- Integrity (I): High.
- Availability (A): None.
### Impact Assessment
#### Affected Systems
- Product: ABB B&R Automation Studio.
- Versions: All versions prior to 6.5.
- Sectors: Critical Manufacturing (worldwide deployment).
- Headquarters: ABB (Switzerland).
#### Potential Consequences
1. Operational Disruption: Unauthorized changes to industrial processes could lead to downtime or safety incidents.
2. Data Breaches: Sensitive operational data could be intercepted or altered.
3. Compliance Risks: Non-compliance with industry regulations (e.g., NIST, IEC 62443) due to unpatched vulnerabilities.
4. Reputation Damage: Loss of trust among customers and partners due to security lapses.
### Mitigation Steps
#### Vendor Fix
ABB has released Automation Studio version 6.5, which resolves the vulnerability. Users are strongly advised to:
1. Update immediately to version 6.5.
2. Follow the user manual for installation instructions.
3. Verify the installed version using the steps outlined in the manual.
#### Mitigation Strategies
If updating is not immediately possible, ABB recommends the following measures:
1. Network Segmentation: Operate Automation Studio within Level 2 of the ABB ICS Cyber Security Reference Architecture when connecting to Level 1 devices.
2. Firewall Configuration: Restrict network access to Automation Studio and isolate it from business networks.
3. Physical Security: Ensure control systems are physically protected and not exposed to untrusted networks.
4. Monitoring: Deploy intrusion detection systems (IDS) to detect unusual network activity.
5. VPN Usage: Use Virtual Private Networks (VPNs) for remote access, ensuring they are updated and securely configured.
#### General Security Recommendations
- Minimize network exposure for all control system devices.
- Locate ICS networks behind firewalls and isolate them from business networks.
- Use secure methods for remote access, such as VPNs with multi-factor authentication (MFA).
- Regularly audit and update security policies and practices.
### Affected Systems
| Vendor | Product | Affected Versions | Status |
|------------|---------------------------|-----------------------------|---------------------|
| ABB | B&R Automation Studio | Versions prior to 6.5 | Fixed in 6.5 |
## Conclusion
The CVE-2025-11043 vulnerability in ABB B&R Automation Studio highlights the critical importance of secure certificate validation in industrial control systems. With a CVSS score of 7.4, this flaw poses a significant risk to organizations relying on Automation Studio for their operations. ABB’s prompt release of a patch underscores the urgency of applying updates and implementing robust security measures.
Organizations must prioritize network segmentation, firewall configuration, and regular updates to mitigate risks. Failure to address this vulnerability could result in data breaches, operational disruptions, and compliance violations. Stay vigilant, patch promptly, and adhere to ICS security best practices to safeguard critical infrastructure.
## References
[^1]: ABB PSIRT. "Security Advisory SA25P004: Improper Certificate Validation in B&R Automation Studio". Retrieved 2025-01-24.
[^2]: CISA. "ICS Advisory ICSA-26-125-04: ABB B&R Automation Studio". Retrieved 2025-01-24.
[^3]: Wikipedia. "OPC Unified Architecture". Retrieved 2025-01-24.
[^4]: Wikipedia. "Transport Layer Security". Retrieved 2025-01-24.
[^5]: Wikipedia. "Industrial Control System Security". Retrieved 2025-01-24.