PPT30 OPC-UA Server has issues handling concurrent connections

Plan PatchCVSS 7.5sa25p006May 26, 2026

Manufacturing

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A vulnerability in the PPT30 Operating System allows an attacker to make the OPC-UA server inaccessible by sending concurrent connection requests that crash or lock the server. The vulnerability affects versions before 1.8.0. The OPC-UA server is not activated by default, but when explicitly enabled, it becomes subject to this availability attack. An attacker needs only network access to the OPC-UA port and no authentication is required.

What this means

What could happen

An attacker could make the OPC-UA server on the PPT30 controller inaccessible, disrupting any process monitoring or remote control capabilities that depend on this interface for supervision and diagnostics.

Who's at risk

Manufacturing facilities operating B&R PPT30 controllers with the OPC-UA server enabled. This affects process supervisory systems, remote diagnostics, and monitoring infrastructure that rely on the OPC-UA interface to communicate with the controller.

How it could be exploited

An attacker with network access to the PPT30's OPC-UA port could send specially crafted concurrent connection requests that crash or lock the server, rendering it unresponsive. This requires the OPC-UA server to be explicitly enabled on the device.

Prerequisites

Network access to the PPT30 OPC-UA server port
OPC-UA server must be explicitly enabled on the PPT30 (not enabled by default)
No authentication credentials are required to trigger the condition

remotely exploitableno authentication requiredlow complexity attackaffects availability of process monitoring and control

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

PPT30 Operating System <1.8.0<1.8.01.8.0

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDIf OPC-UA server is not required for operations, keep it disabled (default state)

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PPT30 Operating System to version 1.8.0 or later

Long-term hardening

0/2

HARDENINGConfigure South Firewall and/or Control Network Firewall to restrict OPC-UA server access to trusted IP addresses only

HARDENINGEnsure network segmentation isolates the PPT30 and restricts physical network interface access to authorized personnel only

CVEs (1)

CVE-2025-11482

View full ABB PSIRT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bf5eabfc-29bb-4d4c-a9db-f475413d3302

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.