B&R PCs vulnerable to PixieFail attack
Plan PatchCVSS 8.3sa24p003Jan 29, 2026
ABB
Attack path
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
B&R industrial PCs contain memory safety vulnerabilities (buffer overflow, out-of-bounds read, infinite loop, weak random number generation) known as PixieFail. A network attacker on the same network segment could exploit these vulnerabilities to execute remote code, initiate denial-of-service attacks, conduct DNS cache poisoning, or extract sensitive information from the device. Vulnerabilities affect multiple APC and PPC product series; APC910 will not receive a patch.
What this means
What could happen
An attacker on the same network as a B&R industrial PC could run arbitrary code on the device, potentially altering production processes, causing equipment to stop, or stealing data from the system. DNS cache poisoning could redirect the PC to malicious servers, compromising the integrity of networked controls.
Who's at risk
B&R industrial automation PCs (APC and PPC series) used in manufacturing, process control, and material handling facilities. These devices are typically used for local machine control, PLC-equivalent functions, or as panel PCs in production environments. Affected models include APC910, APC4100, APC2200, APC3100, C80, MPC3100, PPC900, PPC1200, PPC2200, and PPC3100.
How it could be exploited
An attacker on the local network segment sends malformed packets exploiting buffer overflow or memory safety issues (PixieFail) to the B&R PC. The PC processes these packets without proper validation and executes attacker-controlled code. This could allow the attacker to manipulate process setpoints, halt operations, or exfiltrate sensitive information from memory.
Prerequisites
- Network access to the B&R PC on the local network segment (AV:A suggests adjacency or shared broadcast domain)
- No authentication required
- No user interaction required
remotely exploitable over local networkno authentication requiredlow complexity exploitationhigh-impact memory safety vulnerabilities (buffer overflow)affects industrial control devicesno patch available for APC910
Exploitability
Some exploitation risk — EPSS score 2.1%
Affected products (10)
9 with fix1 EOL
ProductAffected VersionsFix Status
APC4100 <1.09<1.091.09
C80 <1.14<1.141.14
MPC3100 <1.24<1.241.24
PPC1200 <1.14<1.141.14
PPC900 <2.16<2.162.16
APC2200 <1.35<1.351.35
PPC2200 <1.35<1.351.35
APC3100 <1.45<1.451.45
Remediation & Mitigation
0/10
Schedule — requires maintenance window
0/9Patching may require device reboot — plan for process interruption
HOTFIXUpdate APC4100 to firmware version 1.09 or later
HOTFIXUpdate C80 to firmware version 1.14 or later
HOTFIXUpdate MPC3100 to firmware version 1.24 or later
HOTFIXUpdate PPC1200 to firmware version 1.14 or later
HOTFIXUpdate PPC900 to firmware version 2.16 or later
HOTFIXUpdate APC2200 to firmware version 1.35 or later
HOTFIXUpdate PPC2200 to firmware version 1.35 or later
HOTFIXUpdate APC3100 to firmware version 1.45 or later
HOTFIXUpdate PPC3100 to firmware version 1.45 or later
Mitigations - no patch available
0/1APC910 <=1.25 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGFor APC910 devices (no patch available): isolate from untrusted network segments using network segmentation, firewall rules, or VLANs to restrict access to only authorized engineering and production interfaces
CVEs (9)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d621a722-b725-43bb-bb1b-0d6b7d5965b4Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.