XZ Utils vulnerability impacting B&R Products
Plan PatchCVSS 7.5sa26p009Jun 10, 2026
Manufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability in XZ Utils affects B&R industrial terminals and control systems. An attacker who successfully exploits this vulnerability could cause the product to stop or corrupt memory data.
What this means
What could happen
An attacker could crash an affected B&R terminal or corrupt data in memory, potentially halting production operations or causing loss of process setpoints and program state.
Who's at risk
B&R industrial terminals and control systems used in manufacturing environments, including PPC3100, C50, C80, FT50, MT50, T30, T80, and T50 models. Any organization using these devices for process control, data collection, or human-machine interfaces should prioritize patching.
How it could be exploited
An attacker with network access to an affected B&R terminal can send a specially crafted request that triggers the XZ Utils vulnerability, causing a denial of service or memory corruption on the device.
Prerequisites
- Network access to the affected B&R terminal on port used by the vulnerable service
remotely exploitableno authentication requiredlow complexityaffects industrial control systems
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (8)
8 with fix
ProductAffected VersionsFix Status
PPC3100 <1.8.1<1.8.11.8.1
C50 <1.8.0<1.8.01.8.0
C80 <1.8.0<1.8.01.8.0
FT50 <1.8.1<1.8.11.8.1
MT50 <1.8.1<1.8.11.8.1
T30 <1.8.0<1.8.01.8.0
T80 <1.8.0<1.8.01.8.0
T50 <1.8.1<1.8.11.8.1
Remediation & Mitigation
0/8
Schedule — requires maintenance window
0/8Patching may require device reboot — plan for process interruption
HOTFIXUpdate PPC3100 terminals to firmware version 1.8.1 or later
HOTFIXUpdate C50 terminals to firmware version 1.8.0 or later
HOTFIXUpdate C80 terminals to firmware version 1.8.0 or later
HOTFIXUpdate FT50 terminals to firmware version 1.8.1 or later
HOTFIXUpdate MT50 terminals to firmware version 1.8.1 or later
HOTFIXUpdate T30 terminals to firmware version 1.8.0 or later
HOTFIXUpdate T80 terminals to firmware version 1.8.0 or later
HOTFIXUpdate T50 terminals to firmware version 1.8.1 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/cec378c1-107e-425a-bc16-19f40853c86fGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.