ABB B&R Automation Studio

Plan PatchCVSS 7.4ICS-CERT ICSA-26-125-04Jan 19, 2026

ABBB&R Automation

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Automation Studio versions prior to 6.5 do not properly validate server certificates when connecting to remote servers via ANSL over TLS or OPC-UA protocol. This allows an attacker positioned to intercept network traffic to masquerade as a trusted server and potentially steal credentials or modify communications between the engineering workstation and industrial devices.

What this means

What could happen

An attacker could intercept and impersonate legitimate servers when Automation Studio connects via ANSL over TLS or OPC-UA, allowing credential theft and man-in-the-middle attacks on industrial communications.

Who's at risk

B&R Automation engineering teams and anyone using Automation Studio for PLC/automation device configuration. Impact is greatest for sites where Automation Studio connects to remote servers over TLS-protected protocols (ANSL, OPC-UA), particularly those on untrusted or bridged networks.

How it could be exploited

An attacker on the network intercepts the TLS handshake when Automation Studio initiates a connection to a server over ANSL or OPC-UA. Because the application does not properly validate the server certificate, the attacker can present a fraudulent certificate and the client will accept it, allowing the attacker to intercept and modify traffic or steal authentication credentials.

Prerequisites

Network access to intercept traffic between Automation Studio and remote servers (man-in-the-middle position)
Ability to respond to TLS connection requests with a fraudulent certificate

remotely exploitablelow complexityman-in-the-middle capableaffects credentials and communications

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

Automation Studio <6.5<6.56.5

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Automation Studio to version 6.5 or later

CVEs (1)

CVE-2025-11043

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f3f4afdb-60be-43e9-9338-591850df7e8f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.