ABB B&R Automation Runtime
Monitor · CVSS 6.8 · ICS-CERT ICSA-26-125-03 · Jan 19, 2026
ABB · B&R Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
ABB B&R Automation Runtime improperly handles network flooding conditions on the ANSL Server. An attacker on the network can send a flood of packets that causes the Automation Runtime to stop responding, disrupting industrial processes. The vulnerability affects Automation Runtime versions below 6.5 (version 6 branch) and below R4.93 (version 4 branch).
What this means
What could happen
An attacker could send network traffic that causes the Automation Runtime to stop responding, interrupting production processes that depend on the controller.
Who's at risk
Manufacturing facilities and industrial automation systems using ABB or B&R Automation Runtime controllers for process control, especially those with Automation Runtime 4 or 6 versions exposed to untrusted networks.
How it could be exploited
An attacker with network access to the ANSL Server port can send a flood of specially crafted packets that exhaust the runtime's ability to process requests, causing a denial of service. This requires no authentication.
Prerequisites
- Network access to ANSL Server port on the Automation Runtime
- No credentials required
remotely exploitable · no authentication required · affects industrial control runtime · denial of service impact on production
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Automation Runtime <6.5 | <6.5 | >=6.5
Automation Runtime <R4.93 | <R4.93 | >=6.5
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Automation Runtime to version 6.5 or later (Automation Runtime 6 branch) or R4.93 or later (Automation Runtime 4 branch)
CVEs (1)