B&R Automation Studio Update of SQLite version

Priority: Act Now | CVSS 9.8 | Advisory sa25p007 | Feb 18, 2026
Vendor: ABB (B&R Automation)
Attack path
  Attack Vector: Network
  Auth Required: None
  Complexity: Low
  User Interaction: None needed
Summary

ABB identified vulnerabilities in the SQLite library bundled with B&R Automation Studio versions earlier than 6.5. These vulnerabilities include buffer overflow, memory corruption, and integer overflow issues (CWE-197, CWE-122, CWE-119, CWE-787, CWE-190, CWE-125, CWE-120) that could enable unauthorized access, data exposure, or remote code execution. Although no successful exploitation of B&R products was observed during testing, the underlying SQLite vulnerabilities present potential attack vectors when exposed to untrusted network input.

What this means
What could happen
An attacker with network access to a host running B&R Automation Studio could execute arbitrary code or read sensitive data, leading to unauthorized modification of industrial automation programs or theft of proprietary engineering data.
Who's at risk
Engineering teams and automation engineers who use B&R Automation Studio to develop, test, or maintain industrial automation programs on manufacturing equipment, process control systems, and machinery.
How it could be exploited
An attacker on the network sends specially crafted data to a network-reachable component of B&R Automation Studio that hands it to the bundled SQLite library, triggering a buffer overflow or memory corruption there. Successful exploitation lets the attacker run code with the privileges of the Automation Studio process, i.e. the Windows account of the engineer running it.
Prerequisites
  • Network access to the B&R Automation Studio application port
  • B&R Automation Studio version 6.4 or earlier installed and accessible from the network
Tags: remotely exploitable; no authentication required; low complexity; high EPSS score (51.9%); affects engineering systems that control production equipment
Exploitability
Likely to be exploited — EPSS score 64.9% (EPSS scores are recomputed daily, which is why snapshots on this page differ: 51.9% in the tags above, 64.9% here; re-check the current score before prioritizing)
Public Proof-of-Concept (PoC) on GitHub (2 repositories)
Affected products (1)
  Product: B&R Automation Studio | Affected versions: < 6.5 | Fix status: fixed in 6.5
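The affected-version cut-off above is a simple comparison, but it has to be run on every engineering workstation, and Automation Studio installs are often managed per machine rather than centrally. The following script is an added example (not from the OTPulse advisory and not ABB/B&R code) that reads the Windows Uninstall registry keys, finds entries whose DisplayName contains "Automation Studio", and flags any version earlier than 6.5. The registry paths, the DisplayName filter, and the assumption that DisplayVersion parses as a dotted Major.Minor[.Build] string are assumptions; adjust them if your installer registers the product differently.

```powershell
# Added example (not from the OTPulse advisory or from ABB/B&R): flag an
# installed B&R Automation Studio earlier than the fixed release 6.5 on the
# local Windows engineering workstation.
# Assumptions: the product registers under the standard Uninstall keys with a
# DisplayName containing "Automation Studio" and a dotted numeric DisplayVersion.

$FixedVersion = [version]'6.5'

function Get-AutomationStudioInstall {
    # Check both the native and the WOW6432Node (32-bit) uninstall hives.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Automation Studio*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-AutomationStudioAffected {
    # Returns $true (affected), $false (fixed), or $null (version not parseable).
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Keep only the leading dotted-numeric part; some installers append a suffix.
    $numeric = ($DisplayVersion -replace '[^0-9.].*$', '').TrimEnd('.')
    try { $v = [version]$numeric } catch { return $null }
    # [version]'6.4.0.1' -lt [version]'6.5' is $true; '6.5.0' is not affected.
    return ($v -lt $FixedVersion)
}

$installs = @(Get-AutomationStudioInstall)
if ($installs.Count -eq 0) {
    Write-Output 'No Automation Studio install found in the Uninstall registry keys.'
}
foreach ($i in $installs) {
    $affected = Test-AutomationStudioAffected -DisplayVersion $i.DisplayVersion
    if ($null -eq $affected) {
        $status = 'version string not parseable: verify manually'
    } elseif ($affected) {
        $status = 'AFFECTED (< 6.5): update to 6.5 or later'
    } else {
        $status = 'not affected (>= 6.5)'
    }
    Write-Output ('{0} {1} -> {2}' -f $i.DisplayName, $i.DisplayVersion, $status)
}
```

Run it elevated (registry read access to HKLM is normally available to standard users, but some enterprise hardening restricts it) and collect the output with whatever remote-execution or endpoint-management tooling you already use, so the fleet-wide list of affected workstations drives the patch scheduling below rather than a per-machine guess.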
Remediation & Mitigation
Do now
  • Hardening: Restrict network access to B&R Automation Studio to authorized engineering workstations only, using host firewall rules or network segmentation.
Schedule — requires maintenance window

Patching may require a reboot of the engineering workstation — plan for process interruption

  • Hotfix: Update B&R Automation Studio to version 6.5 or later
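The "do now" hardening step says to restrict network access with host firewall rules; the following script is an added example of doing that on the Windows host running Automation Studio with Windows Defender Firewall. It is not from the OTPulse advisory and not ABB/B&R code. The executable path and the two allowed peer addresses are placeholders; no B&R port numbers are assumed, because the rule is scoped to the program rather than to a port, so it covers whatever listener the process opens.

```powershell
# Added example (not from the OTPulse advisory or from ABB/B&R): allow inbound
# connections to the Automation Studio process only from an allowlist of
# engineering workstations. Run elevated on the host running Automation Studio.
# Placeholders to adjust for your site: $AsExe and $Allowed.

$AsExe    = 'C:\BrAutomation\AS\Bin-en\AS.exe'     # placeholder executable path
$Allowed  = @('10.10.20.11', '10.10.20.12')         # placeholder engineering hosts
$RuleName = 'B&R Automation Studio - inbound from engineering hosts only'

if (-not (Test-Path $AsExe)) { throw "Automation Studio executable not found at $AsExe" }

# 1. Windows Firewall evaluates Block rules before Allow rules, so "allowlist
#    only" is expressed as: default inbound = Block, plus ONE narrowly scoped
#    Allow rule. Make sure the default really is Block on every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable any pre-existing Allow rule for the same program (installers often
#    add an "allow from anywhere" rule); it would otherwise bypass the scoping.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $_.DisplayName -ne $RuleName -and
        (($_ | Get-NetFirewallApplicationFilter).Program -eq $AsExe)
    } |
    ForEach-Object {
        Write-Output "Disabling broader rule: $($_.DisplayName)"
        $_ | Disable-NetFirewallRule
    }

# 3. Create (or refresh) the scoped Allow rule.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Program $AsExe -RemoteAddress $Allowed -Profile Any -Enabled True | Out-Null

# 4. Verify the effective remote-address scope of the new rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

Two caveats when applying this. The program-scoped filter in step 2 only catches other rules tied to the same executable; a pre-existing Allow rule scoped to a port rather than a program would still admit traffic, so review `Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | Get-NetFirewallPortFilter` as well. And this constrains inbound connections only; connections the workstation itself initiates to PLCs and targets are outbound and unaffected, which is usually what you want. Network segmentation at the switch or firewall between the engineering VLAN and the rest of the plant is the complementary control the advisory also names, and it does not depend on the host's own firewall state.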