THE CISA advisory ICSA-26-141-02, released on May 21, 2026, addresses multiple vulnerabilities in ABB B&R PCs, which could allow remote code execution, DoS attacks, and data exposure. Affected versions include various models of ABB B&R PCs (APC4100, APC910, C80, MPC3100, PPC1200, PPC900, APC2200, PPC2200, APC3100, and PPC3100) with specific version numbers listed.
The advisory highlights vulnerabilities such as out-of-bounds read, buffer overflow, and infinite loop issues associated with DHCPv6 and TCP/IP protocols. ABB has provided updates to rectify these vulnerabilities, and users are urged to install the updates or follow mitigation measures where patches are unavailable. Key recommendations include network isolation and restricting access to vulnerable components. The advisory emphasizes that while the vulnerabilities are significant, there have been no reported exploitations at the time of release.