PatchSiren cyber security CVE debrief

CVE-2025-11044 ABB CVE debrief

CVE-2025-11044 is a network-reachable denial-of-service issue in ABB B&R Automation Runtime’s ANSL-Server component. According to the advisory, an unauthenticated attacker can exploit a race condition and leave affected devices in a permanent DoS state, which makes this most important for exposed OT systems that cannot tolerate downtime.

Vendor: ABB
Product: Automation Runtime
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-19
Original CVE updated: 2026-05-05
Advisory published: 2026-01-19
Advisory updated: 2026-05-05

Who should care

OT/ICS operators, control-system engineers, plant administrators, and security teams responsible for ABB B&R Automation Runtime deployments, especially systems that expose ANSL-Server traffic or use short cycle times and high connection loads.

Technical summary

CISA’s advisory, republishing ABB PSIRT SA25P005, describes an "Allocation of Resources Without Limits or Throttling" flaw in ANSL-Server. The issue affects Automation Runtime versions prior to 6.5 and prior to R4.93. The vendor states that an unauthenticated attacker on the network may be able to exploit a race condition and cause permanent denial of service on affected devices. The advisory also notes that shorter cycle times increase exploitation likelihood, and that reaching the vulnerable service from outside Level 1 would require bypassing the Control Network Firewall. Remediation is available in Automation Runtime 6.5 and R4.93 or later.

Defensive priority

High for reachable OT systems; medium overall based on the provided CVSS 6.8 rating and the availability of vendor mitigations, but prioritize any device that is network-exposed or operationally critical.

Recommended defensive actions

  • Upgrade ABB B&R Automation Runtime to version 6.5 or later for Automation Runtime 6, or R4.93 or later for Automation Runtime 4.
  • If patching is not immediately possible, consider increasing application cycle times, since the vendor says shorter cycle times can increase exploitation likelihood.
  • Limit maximum data traffic and the maximum number of concurrent connections to the ANSL server on the Control Network Firewall.
  • Follow the vendor guidance to keep permitted data traffic to no more than 80% of the measured peak traffic value.
  • Test maximum application load capacity before commissioning and verify the installed Automation Runtime version against the vendor’s guidance.
  • Review the vendor’s general security recommendations and defense-in-depth guidance for B&R products.
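As an added example (not code from the advisory, CISA, or ABB), a small Python triage helper that checks an asset inventory's Automation Runtime version strings against the fixed versions named above (6.5 for AR6, R4.93 for AR4) and computes the 80%-of-peak traffic cap the vendor recommends for the Control Network Firewall. The accepted version-string forms and the inventory rows are assumptions constructed for the example.

```python
import re

# Fixed versions per the advisory: AR6 -> 6.5 or later, AR4 -> R4.93 or later.
FIXED = {"AR6": (6, 5), "AR4": (4, 93)}
# Vendor guidance: permitted traffic <= 80% of the measured peak value.
TRAFFIC_CAP_RATIO = 0.8

# Assumed version-string forms: "6.4", "AR 6.5", "R4.92", "AR R4.93".
_VERSION_RE = re.compile(r"(?:AR\s*)?R?(\d+)\.(\d+)", re.IGNORECASE)


def parse_ar_version(version: str):
    """Return (track, (major, minor)) for an Automation Runtime version string."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Automation Runtime version: {version!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 6:
        return "AR6", (major, minor)
    if major == 4:
        return "AR4", (major, minor)
    raise ValueError(f"unknown Automation Runtime track: {version!r}")


def is_affected(version: str) -> bool:
    """True when the installed version is below the fixed version on its track.
    Tuples are compared numerically, so 6.10 correctly sorts after 6.5."""
    track, ver = parse_ar_version(version)
    return ver < FIXED[track]


# Constructed sample inventory: (hostname, reported AR version, measured peak kbps).
INVENTORY = [
    ("plc-line1", "6.4", 1200),
    ("plc-line2", "R4.93", 800),
    ("plc-line3", "AR 6.5", 950),
    ("hmi-gw", "R4.92", 400),
]


def triage(inventory):
    """Return (host, needs_patch, traffic_cap_kbps) for every inventory row."""
    return [
        (host, is_affected(version), round(peak_kbps * TRAFFIC_CAP_RATIO))
        for host, version, peak_kbps in inventory
    ]


if __name__ == "__main__":
    for host, needs_patch, cap in triage(INVENTORY):
        print(f"{host}: patch={'YES' if needs_patch else 'no'} firewall_cap={cap} kbps")
```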

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-26-125-03, which republishes ABB PSIRT advisory SA25P005. The source states the flaw affects ABB B&R Automation Runtime versions prior to 6.5 and prior to R4.93, can be triggered by an unauthenticated network attacker, and can result in permanent DoS. The provided CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/RL:O/RC:C. The supplied enrichment does not list the CVE in KEV.

Official resources

Publicly disclosed by CISA on 2026-01-19 in ICS Advisory ICSA-26-125-03, republishing ABB PSIRT advisory SA25P005; the advisory was later republished on 2026-05-05. No KEV entry is included in the supplied enrichment.