B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server

Monitor | CVSS 6.8 | sa25p005 | Jan 19, 2026
ABB | B&R Automation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

A vulnerability exists in B&R Automation Runtime's handling of network traffic flooding conditions on the ANSL Server component. An attacker could send specially crafted packets that exceed the server's ability to handle them, causing the controller to stop responding. This results in a denial of service condition that would halt any automation processes dependent on the controller.

What this means
What could happen
An attacker could send specially crafted network traffic that causes the B&R Automation Runtime to stop responding, disrupting any industrial processes or automation sequences running on that controller.
Who's at risk
B&R Automation Runtime users, including manufacturers of industrial machinery, packaging systems, material handling equipment, and factory automation installations that rely on B&R controllers for process control and sequencing.
How it could be exploited
An attacker sends malicious network packets designed to flood or exceed resource handling thresholds in the ANSL Server component of Automation Runtime, causing a denial of service that stops the controller from processing normal operations.
Prerequisites
  • Network access to the Automation Runtime ANSL Server port (port 2912 is typical for B&R ANSL)
  • No authentication or credentials required
  • Ability to send crafted network packets to the affected device
remotely exploitable | no authentication required | affects availability of automation controller | low EPSS score but potentially high operational impact
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Automation Runtime <6.5 | <6.5 | >=6.5
Automation Runtime <R4.93 | <R4.93 | >=6.5
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the ANSL Server port to only authorized engineering workstations and control systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Automation Runtime 6 to version 6.5 or later
HOTFIX: Update Automation Runtime 4 to version R4.93 or later
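
One way to check that the access restriction in the workaround holds in practice, as an added example that is not from B&R or this advisory: a small audit over flow records that lists sources reaching the ANSL port from outside an allow-list, and sources opening an unusually high number of flows per minute. The record format, allow-list, threshold and sample data are assumptions constructed for illustration; the port is the one named under Prerequisites.

```python
import ipaddress
from collections import Counter

ANSL_PORT = 2912        # port named on this page; confirm against your controllers
FLOOD_THRESHOLD = 100   # assumed limit: flows per source per minute
# Assumed allow-list of engineering workstations and control systems.
ALLOWED = [ipaddress.ip_network(n) for n in ("10.20.1.10/32", "10.20.2.0/28")]

def parse_flow(line):
    """Parse 'epoch src dst dport' (hypothetical format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def audit(lines, port=ANSL_PORT, allowed=ALLOWED, threshold=FLOOD_THRESHOLD):
    """Return (sources outside the allow-list, sources over threshold in a minute)."""
    unauthorized, per_minute = set(), Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow[3] != port:
            continue  # skip malformed records and traffic to other ports
        ts, src, _dst, _dport = flow
        if not any(src in net for net in allowed):
            unauthorized.add(str(src))
        per_minute[(str(src), ts // 60)] += 1  # one-minute buckets per source
    flooding = {src for (src, _), n in per_minute.items() if n > threshold}
    return sorted(unauthorized), sorted(flooding)

# Constructed sample records (not real traffic).
SAMPLE = [
    "1768800000 10.20.1.10 10.20.5.20 2912",    # allowed workstation
    "1768800005 10.20.2.3 10.20.5.20 2912",     # allowed subnet
    "1768800010 192.168.7.44 10.20.5.20 2912",  # not on the allow-list
    "1768800012 192.168.7.44 10.20.5.20 443",   # other port, ignored
    "garbage line",                             # malformed, skipped
] + [f"{1768800060 + i % 60} 172.16.9.9 10.20.5.20 2912" for i in range(150)]

if __name__ == "__main__":
    unauth, flood = audit(SAMPLE)
    print("outside allow-list:", unauth)
    print("over threshold:", flood)
```

Any source in the first list means the port is reachable beyond the intended workstations; the second list is only as meaningful as the threshold chosen for the site's normal engineering traffic.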
API: /api/v1/advisories/2383490c-9a25-4400-9398-0b9e244a343b

B&R Automation Runtime Improper Handling of Flooding conditions on ANSL Server | CVSS 6.8 - OTPulse