B&R PCs vulnerable to PixieFail attack

CVSS 8.3 | Advisory SA24P003 | Jan 29, 2026 | OTPulse
Vendor: ABB

Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ABB B&R industrial PCs (APC and PPC series, C80, MPC3100) are vulnerable to the PixieFail attack—a network-based exploitation that can result in remote code execution, denial of service, DNS cache poisoning, or information disclosure. The vulnerabilities stem from buffer overflows, integer overflows, and insufficient random number generation in affected firmware versions.

What this means
What could happen
An attacker on your plant network could run commands on the PC, disrupt operations through denial of service, corrupt network resolution, or steal sensitive configuration or process data from the industrial controller.
Who's at risk
B&R Automation industrial PCs used in manufacturing control, process automation, and plant management systems are affected. This includes APC series (APC910, APC2200, APC3100, APC4100), PPC series (PPC900, PPC1200, PPC2200, PPC3100), C80 automation controllers, and MPC3100 mobile control devices. Any plant using these devices for real-time control, data acquisition, or machine automation should prioritize updates.
How it could be exploited
An attacker with network access to the B&R PC can send specially crafted network packets to trigger buffer overflow or integer overflow conditions in the firmware. This allows the attacker to execute arbitrary code, crash the device, poison DNS replies, or extract sensitive data from memory—all without needing valid credentials or physical access.
Prerequisites
  • Network connectivity to the B&R PC (typically on plant Ethernet network)
  • No authentication required
  • Attacker can send network packets to the device
Tags: remotely exploitable, no authentication required, low complexity attack, high CVSS score (8.3), affects native OT equipment, no patch available for APC910
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (10): 9 with fix, 1 EOL

Product   Affected Versions   Fix Status
APC4100   <1.09               fixed in 1.09
C80       <1.14               fixed in 1.14
MPC3100   <1.24               fixed in 1.24
PPC1200   <1.14               fixed in 1.14
PPC900    <2.16               fixed in 2.16
APC2200   <1.35               fixed in 1.35
PPC2200   <1.35               fixed in 1.35
APC3100   <1.45               fixed in 1.45
PPC3100   <1.45               fixed in 1.45
APC910    <=1.25              End of Life, no patch
Remediation & Mitigation

Do now
WORKAROUND: For APC910 (no patch available): restrict network access to the device using firewall rules or network segmentation; allow only trusted engineering workstations and plant systems to communicate with the device
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update APC4100 to firmware version 1.09 or later
HOTFIX: Update C80 to firmware version 1.14 or later
HOTFIX: Update MPC3100 to firmware version 1.24 or later
HOTFIX: Update PPC1200 to firmware version 1.14 or later
HOTFIX: Update PPC900 to firmware version 2.16 or later
HOTFIX: Update APC2200 to firmware version 1.35 or later
HOTFIX: Update PPC2200 to firmware version 1.35 or later
HOTFIX: Update APC3100 to firmware version 1.45 or later
HOTFIX: Update PPC3100 to firmware version 1.45 or later

Mitigations - no patch available
APC910 <=1.25 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate or air-gap APC910 devices from untrusted networks if operationally feasible
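The affected-products table and the remediation list above reduce to one decision per device: is the installed firmware below the fixed version, is the product the end-of-life APC910, or is it already fixed. The script below is an added example (not code from the advisory, OTPulse, B&R or ABB) that applies that decision to a plant inventory. The fixed versions and the APC910 end-of-life range are copied from the advisory; the hostnames, firmware values and the `Finding` structure are constructed assumptions for the sake of the example. Firmware versions are compared numerically, because a plain string compare would rank "2.9" above "2.16" and silently miss a vulnerable PPC900.

```python
"""Triage an industrial PC inventory against this advisory's fix table.

Added example, not code from the advisory or from B&R/ABB. The fixed versions
and the APC910 end-of-life range are taken from the advisory; the inventory
rows at the bottom are constructed sample data.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Product -> first firmware version that contains the fix (advisory table).
FIXED_IN = {
    "APC4100": "1.09",
    "C80": "1.14",
    "MPC3100": "1.24",
    "PPC1200": "1.14",
    "PPC900": "2.16",
    "APC2200": "1.35",
    "PPC2200": "1.35",
    "APC3100": "1.45",
    "PPC3100": "1.45",
}

# End-of-life product -> last affected version; no patch will be released.
EOL_AFFECTED_THROUGH = {"APC910": "1.25"}


def parse_version(version: str) -> tuple[int, ...]:
    """Convert '1.09' to (1, 9) so comparisons are numeric, not lexical.

    A string compare would rank '2.9' above '2.16' and miss a vulnerable
    device; integer tuples compare component by component.
    """
    return tuple(int(part) for part in version.strip().split("."))


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    firmware: str
    status: str  # "patch", "eol", "ok" or "unknown"
    action: str


def triage(host: str, product: str, firmware: str) -> Finding:
    """Map one inventory row to the advisory's remediation step."""
    model = product.strip().upper()
    if model not in FIXED_IN and model not in EOL_AFFECTED_THROUGH:
        return Finding(host, product, firmware, "unknown",
                       "not listed in this advisory")
    try:
        installed = parse_version(firmware)
    except ValueError:
        # Inventory data is often dirty; never guess, send someone to check.
        return Finding(host, product, firmware, "unknown",
                       "unparseable firmware version; verify on the device")

    if model in EOL_AFFECTED_THROUGH:
        if installed <= parse_version(EOL_AFFECTED_THROUGH[model]):
            return Finding(host, product, firmware, "eol",
                           "no vendor patch: restrict network access and "
                           "isolate from untrusted networks")
        return Finding(host, product, firmware, "ok",
                       "above the documented affected range")

    fixed = FIXED_IN[model]
    if installed < parse_version(fixed):
        return Finding(host, product, firmware, "patch",
                       f"update to firmware {fixed} or later "
                       "(plan a maintenance window; reboot likely)")
    return Finding(host, product, firmware, "ok", "fixed firmware installed")


def triage_inventory(rows: list[tuple[str, str, str]]) -> list[Finding]:
    """Triage every (host, product, firmware) row, worst status first."""
    order = {"eol": 0, "patch": 1, "unknown": 2, "ok": 3}
    findings = [triage(*row) for row in rows]
    return sorted(findings, key=lambda f: order[f.status])


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per status, e.g. for a ticket or report header."""
    return dict(Counter(f.status for f in findings))


# Constructed sample inventory: hostnames and firmware values are made up.
SAMPLE_INVENTORY = [
    ("line1-hmi", "APC2200", "1.30"),
    ("line1-ctrl", "C80", "1.14"),
    ("packaging-pc", "APC910", "1.25"),
    ("mobile-panel-1", "MPC3100", "1.24.1"),
    ("legacy-press", "PPC900", "2.9"),
    ("scada-srv", "Generic server", "n/a"),
]

if __name__ == "__main__":
    for f in triage_inventory(SAMPLE_INVENTORY):
        print(f"{f.status:8} {f.host:16} {f.product:15} {f.firmware:8} {f.action}")
```

Devices the advisory does not list come back as "unknown" rather than "ok", so a host with a mistyped model name is reviewed instead of being quietly dropped from the patch list; the same applies to a firmware string that cannot be parsed.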