CVE-2025-11044
Unknown Unknown - Not Provided
Resource Allocation Race Condition in B&R ANSL-Server Causes DoS

Publication date: 2026-01-19

Last updated on: 2026-01-19

Assigner: Asea Brown Boveri Ltd. (ABB)

Description
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-19
Last Modified
2026-01-19
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11044
EUVD
EUVD-2026-3214
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
b&b_automation automation_runtime to 6.5|end_excluding=R4.93 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Allocation of Resources Without Limits or Throttling flaw in the ANSL server component of B&R Automation Runtime versions prior to 6.5 and R4.93. An unauthenticated attacker on the network can exploit this by sending specially crafted malicious network traffic to trigger a race condition. This race condition causes the affected system node to stop functioning, resulting in a permanent denial-of-service (DoS) condition. Exploitation depends on concurrent access to system resources and is more likely with shorter cycle times in customer applications. [1]

Impact Analysis

The impact of this vulnerability is a permanent denial-of-service (DoS) condition on affected devices. This means that an attacker can cause the system node running the ANSL server to stop functioning permanently, disrupting operations. Since the vulnerability can be exploited remotely by an unauthenticated attacker on the network, it poses a significant risk to availability. However, not all devices or applications are vulnerable, and longer cycle times reduce the likelihood of exploitation. Mitigations include limiting data traffic and concurrent connections to the ANSL server and applying the available software updates. [1]

Detection Guidance

Detection involves monitoring for unusually high or abnormal concurrent connections or data traffic to the ANSL server component of B&R Automation Runtime. Since exploitation requires sending specially crafted malicious network traffic to trigger a race condition, network traffic analysis tools can be used to identify suspicious patterns targeting the ANSL server. Specific commands are not provided in the available resources, but general network monitoring commands such as 'netstat' to check active connections, or packet capture tools like 'tcpdump' or 'Wireshark' to analyze traffic to the ANSL server ports, can be used to detect anomalies. [1]

Mitigation Strategies

Immediate mitigation steps include limiting maximum data traffic and concurrent connections to the ANSL server via the Control Network Firewall, restricting data traffic to no more than 80% of peak measured traffic, isolating automation networks behind firewalls, enforcing physical access controls, avoiding unnecessary network exposure, keeping software and firmware up to date by applying the update to Automation Runtime versions 6.5 and above or R4.93 and above, scanning imported data for malware, and using secure remote access methods such as VPNs. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11044. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart