PatchSiren cyber security CVE debrief
CVE-2025-11043 ABB CVE debrief
CVE-2025-11043 is a high-severity certificate validation weakness in ABB B&R Automation Studio versions before 6.5. According to the CISA-republished advisory, the issue affects the OPC-UA client and the ANSL over TLS client and could let an unauthenticated attacker on the network intercept and interfere with data exchanges. ABB’s fix is available in Automation Studio 6.5, and the vendor advises deploying the update at the earliest convenience.
- Vendor
- ABB
- Product
- Automation Studio
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-19
- Original CVE updated
- 2026-05-05
- Advisory published
- 2026-01-19
- Advisory updated
- 2026-05-05
Who should care
OT and ICS teams running ABB B&R Automation Studio before 6.5, especially environments using OPC-UA or ANSL over TLS to communicate with Level 1 devices. Security teams responsible for patching, certificate trust, and segmentation in industrial networks should treat this as relevant.
Technical summary
The advisory describes an improper certificate validation flaw in the OPC-UA client and ANSL over TLS client used by Automation Studio versions before 6.5. The stated impact is that an unauthenticated attacker on the network could position themselves to intercept and interfere with data exchanges. The vendor remediation notes also indicate exploitation would require intercepting and redirecting the communication and presenting manipulated certificates that pass validation checks. The corrected version is Automation Studio 6.5. The CVSS vector supplied is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/RL:O/RC:C, which aligns with a high-severity, network-reachable issue that is not trivially exploitable.
Defensive priority
High priority for affected OT deployments. Patch to Automation Studio 6.5 as soon as operationally feasible, and prioritize systems that rely on OPC-UA or ANSL over TLS in exposed or less-segmented network zones.
Recommended defensive actions
- Upgrade ABB B&R Automation Studio to version 6.5 or later.
- Inventory systems using Automation Studio versions before 6.5, with attention to OPC-UA and ANSL over TLS usage.
- Apply the vendor-recommended trusted-environment guidance: operate Automation Studio within Level 2 of the ABB ICS Cyber Security Reference Architecture when connecting to Level 1 devices via ANSL over TLS or OPC-UA.
- Review certificate validation, trust store, and network segmentation controls for affected OT paths.
- Use CISA ICS recommended practices and defense-in-depth guidance to reduce exposure while patching is being planned or validated.
Evidence notes
Primary facts come from the CISA CSAF source item for ICSA-26-125-04, which republishes ABB PSIRT SA25P004. The source states the vulnerability is an improper certificate validation issue in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5, with impact to data exchange confidentiality and integrity. The source item revision history shows initial publication on 2026-01-19 and republication on 2026-05-05. Remediation text names Automation Studio 6.5 as the corrected version and recommends operating within Level 2 of the ABB ICS Cyber Security Reference Architecture when connecting to Level 1 devices via ANSL over TLS or OPC-UA. No CISA KEV listing is present in the supplied corpus.
Official resources
-
CVE-2025-11043 CVE record
CVE.org
-
CVE-2025-11043 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Disclosed in the vendor advisory and CISA republication for ICSA-26-125-04 on 2026-01-19, with CISA republication updated on 2026-05-05. The supplied corpus does not indicate CISA KEV inclusion.