www.cisa.gov 5/5/2026, 8:02:47 PM · via preferred

DoS flaw impacts ABB B&R Automation Runtime, CVE-2025-11044

CyberSIXT Evidence Panel
Primary Source: github.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

According to ABB PSIRT, ABB became aware of a vulnerability in ABB B&R Automation Runtime, and an update is available to resolve it; an attacker who exploited this flaw could cause the product to stop. The affected versions are Automation Runtime <6.5, >=6.5, =R4.93, with CVE-2025-11044 (listed twice in the advisory). The CVSS version 3.1 base score is 6.8 (Medium), and the vulnerability is described as an Allocation of Resources Without Limits or Throttling in the ANSL-Server component.

The remediation recommends that customers install updates (Automation Runtime 6 versions >= 6.5 and Automation Runtime 4 versions >= R4.93), and the advisory provides mitigations such as configuring longer cycle times and limiting data traffic on the Control Network Firewall. The background information lists the Critical Manufacturing sector and worldwide deployment, with ABB as the vendor and Switzerland as the company headquarters. The advisory also emphasises that the vulnerability could be exploited remotely if network access to an affected node is available.


Article by CyberSIXT