CVE-2025-11044
Resource Allocation Race Condition in B&R ANSL-Server Causes DoS
Publication date: 2026-01-19
Last updated on: 2026-01-19
Assigner: Asea Brown Boveri Ltd. (ABB)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| b&b_automation | automation_runtime | to 6.5|end_excluding=R4.93 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Allocation of Resources Without Limits or Throttling flaw in the ANSL server component of B&R Automation Runtime versions prior to 6.5 and R4.93. An unauthenticated attacker on the network can exploit this by sending specially crafted malicious network traffic to trigger a race condition. This race condition causes the affected system node to stop functioning, resulting in a permanent denial-of-service (DoS) condition. Exploitation depends on concurrent access to system resources and is more likely with shorter cycle times in customer applications. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is a permanent denial-of-service (DoS) condition on affected devices. This means that an attacker can cause the system node running the ANSL server to stop functioning permanently, disrupting operations. Since the vulnerability can be exploited remotely by an unauthenticated attacker on the network, it poses a significant risk to availability. However, not all devices or applications are vulnerable, and longer cycle times reduce the likelihood of exploitation. Mitigations include limiting data traffic and concurrent connections to the ANSL server and applying the available software updates. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unusually high or abnormal concurrent connections or data traffic to the ANSL server component of B&R Automation Runtime. Since exploitation requires sending specially crafted malicious network traffic to trigger a race condition, network traffic analysis tools can be used to identify suspicious patterns targeting the ANSL server. Specific commands are not provided in the available resources, but general network monitoring commands such as 'netstat' to check active connections, or packet capture tools like 'tcpdump' or 'Wireshark' to analyze traffic to the ANSL server ports, can be used to detect anomalies. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting maximum data traffic and concurrent connections to the ANSL server via the Control Network Firewall, restricting data traffic to no more than 80% of peak measured traffic, isolating automation networks behind firewalls, enforcing physical access controls, avoiding unnecessary network exposure, keeping software and firmware up to date by applying the update to Automation Runtime versions 6.5 and above or R4.93 and above, scanning imported data for malware, and using secure remote access methods such as VPNs. [1]