OTPulse

B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server

Monitor | 6.8 | SA25P005 | Jan 19, 2026
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Improper handling of flooding conditions in B&R Automation Runtime ANSL Server allows a network-based attacker to cause a denial of service. The vulnerability exists in Automation Runtime versions below 6.5 (for Runtime 6) and below R4.93 (for Runtime 4). Successful exploitation stops the product, interrupting industrial control operations. The issue is resolved by updating to the patched versions.

What this means
What could happen
A network-based attacker could trigger a denial of service condition on the Automation Runtime ANSL Server, causing the product to stop and interrupting critical control system operations.
Who's at risk
B&R Automation Runtime systems used in manufacturing, water treatment, electrical grid automation, and other industrial processes where the ANSL Server coordinates control logic. This affects both legacy Runtime 4 installations and modern Runtime 6 deployments.
How it could be exploited
An attacker with network access to the ANSL Server could send specially crafted messages that exploit improper handling of flooding conditions, causing the runtime to become unresponsive or crash. No authentication or user interaction is required.
Prerequisites
  • Network access to the ANSL Server port
  • No authentication required
  • High complexity attack (AC:H indicates specific conditions or knowledge needed)
  • remotely exploitable
  • no authentication required
  • affects availability of control systems
  • high attack complexity indicates specialized knowledge needed
  • low EPSS score limits urgency but demonstrates real vulnerability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product                     Affected Versions   Fix Status
Automation Runtime <6.5     <6.5                >=6.5
Automation Runtime <R4.93   <R4.93              >=6.5
Remediation & Mitigation
Do now
WORKAROUND: Monitor network traffic for unusual messaging patterns directed at the ANSL Server as a temporary compensating control
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Automation Runtime 6 to version 6.5 or later
HOTFIX: Update Automation Runtime 4 to version R4.93 or later
Long-term hardening
HARDENING: Implement network segmentation to restrict external access to the ANSL Server to only necessary engineering and operations workstations