B&R PCs vulnerable to PixieFail attack
Plan Patch8.3SA24P003Jan 29, 2026
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
ABB identified vulnerabilities in B&R PC product lines that allow network-based attackers to execute arbitrary code, cause denial of service, perform DNS cache poisoning attacks, or exfiltrate sensitive data. The vulnerabilities are present in buffer handling and memory management (CWE-125, CWE-119, CWE-835) and cryptographic random number generation (CWE-338). Patches are available for most products except APC910, which will not receive a fix.
What this means
What could happen
An attacker with network access to a vulnerable B&R PC could run arbitrary code, cause the device to stop responding, poison network DNS records, or steal configuration and operational data. This could disrupt control logic execution and compromise the integrity of process commands.
Who's at risk
This affects B&R industrial PCs used in manufacturing, process control, and utility automation. Specifically, the APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100 series are vulnerable. Any facility running these devices for process logic, data acquisition, or HMI functions should prioritize assessment and patching.
How it could be exploited
An attacker on the same network segment sends specially crafted network packets to the B&R PC. The device processes these packets without proper validation, allowing the attacker to execute code or trigger denial-of-service conditions. The attack requires no authentication or user interaction.
Prerequisites
- Network access to the B&R PC (same network segment or routed path)
- No authentication required
- No special configuration or user action needed
Remotely exploitable over networkNo authentication requiredLow attack complexityAffects industrial control PCsOne product has no patch available (APC910)Can enable code execution, denial of service, DNS poisoning, and data theft
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (10)
9 with fix1 EOL
ProductAffected VersionsFix Status
APC4100 <1.09<1.091.09
C80 <1.14<1.141.14
MPC3100 <1.24<1.241.24
PPC1200 <1.14<1.141.14
PPC900 <2.16<2.162.16
APC2200 <1.35<1.351.35
PPC2200 <1.35<1.351.35
APC3100 <1.45<1.451.45
Remediation & Mitigation
0/12
Do now
0/1WORKAROUNDFor APC910 (no patch available): restrict network access to these devices using firewall rules, disabling unnecessary network services, and isolating the device on a segmented OT network
Schedule — requires maintenance window
0/9Patching may require device reboot — plan for process interruption
HOTFIXUpdate APC4100 firmware to version 1.09 or later
HOTFIXUpdate C80 firmware to version 1.14 or later
HOTFIXUpdate MPC3100 firmware to version 1.24 or later
HOTFIXUpdate PPC1200 firmware to version 1.14 or later
HOTFIXUpdate PPC900 firmware to version 2.16 or later
HOTFIXUpdate APC2200 firmware to version 1.35 or later
HOTFIXUpdate PPC2200 firmware to version 1.35 or later
HOTFIXUpdate APC3100 firmware to version 1.45 or later
HOTFIXUpdate PPC3100 firmware to version 1.45 or later
Mitigations - no patch available
0/2APC910 <=1.25 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to limit communication to these B&R PCs only from trusted engineering and control workstations
HARDENINGMonitor network traffic to and from B&R PCs for signs of exploitation attempts or unusual communication patterns
CVEs (9)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ebd8713a-5730-4667-9a6e-ebc99a3300d0