ABB PPT30 Operating System Vulnerability (CVE-2025-11482)
A vulnerability, CVE-2025-11482, exists in ABB's PPT30 Operating System related to handling concurrent connections in the PPT30 OPC-UA Server, affecting versions prior to 1.8.0.
On May 26, 2026, ABB published a security advisory addressing CVE-2025-11482, a vulnerability affecting the PPT30 Operating System. This vulnerability specifically impacts the PPT30 OPC-UA Server and its ability to handle concurrent connections. The affected versions are those prior to 1.8.0. Successful exploitation could lead to denial of service or other unspecified impacts on the industrial control system. This advisory highlights the importance of patching industrial control systems to maintain operational integrity.
Attack Chain
- Attacker identifies a vulnerable PPT30 Operating System running a version prior to 1.8.0.
- The attacker crafts a series of concurrent connection requests to the PPT30 OPC-UA Server.
- The OPC-UA Server attempts to process all incoming connection requests.
- Due to the vulnerability (CVE-2025-11482), the server’s resources are exhausted by the flood of connection attempts.
- The OPC-UA server becomes unresponsive, leading to a denial-of-service condition.
- Critical control system functions reliant on the OPC-UA server are impacted.
Impact
Successful exploitation of CVE-2025-11482 can lead to a denial-of-service condition within industrial control systems utilizing the affected ABB PPT30 Operating System. This can disrupt critical operations, potentially leading to process interruptions and safety concerns. The number of affected systems is currently unknown, but the vulnerability affects any deployment running PPT30 Operating System versions prior to 1.8.0.
Recommendation
- Upgrade the PPT30 Operating System to version 1.8.0 or later to patch CVE-2025-11482, as recommended in the ABB security advisory (https://br-cws-assets.de-fra-1.linodeobjects.com/SA25P006-0eec719c.pdf).
- Monitor network traffic for suspicious connection patterns targeting OPC-UA servers on systems running PPT30, using the provided Sigma rule.
Detection coverage
Detect Potential CVE-2025-11482 Exploitation via High Concurrent Connections to OPC-UA Server
Severity: medium. Detects potential exploitation of CVE-2025-11482 through observation of a high number of concurrent connections to a targeted OPC-UA server (default port 4840).
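The detection logic described above, written out as an added example (this is not the platform's Sigma rule and not ABB code): it tracks open connections per server on port 4840 from flow records and flags servers whose peak concurrency exceeds a threshold. The record format, the addresses and the threshold of 5 are assumptions constructed for illustration, and records are assumed to be in time order.

```python
from collections import defaultdict

OPCUA_PORT = 4840   # default OPC-UA port named in the detection description
THRESHOLD = 5       # assumed limit; tune to the site's normal OPC-UA client count

# Constructed sample flow records: "epoch_seconds src dst dport event"
SAMPLE_LOG = "\n".join(
    ["100 10.0.0.5 10.0.1.20 4840 open",
     "101 10.0.0.6 10.0.1.21 4840 open",
     "102 10.0.0.7 10.0.1.21 4840 open",
     "103 10.0.0.6 10.0.1.21 4840 close",
     "104 10.0.0.8 10.0.1.20 443 open"]          # other port, ignored
    + [f"{110 + i} 10.0.0.99 10.0.1.20 4840 open" for i in range(8)]
    + ["130 10.0.0.99 10.0.1.20 4840 close", "garbage line"])


def peak_concurrency(log_text, port=OPCUA_PORT):
    """Return {server: (peak_open, time_of_peak, {src: open count at peak})}."""
    open_now = defaultdict(lambda: defaultdict(int))  # server -> src -> open count
    peaks = {}
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[0].isdigit() or not f[3].isdigit():
            continue                                  # skip malformed records
        ts, src, dst, dport, event = int(f[0]), f[1], f[2], int(f[3]), f[4]
        if dport != port:
            continue
        if event == "open":
            open_now[dst][src] += 1
        elif event == "close" and open_now[dst][src] > 0:
            open_now[dst][src] -= 1                   # never go below zero
        total = sum(open_now[dst].values())
        if total > peaks.get(dst, (0, None, {}))[0]:
            snapshot = {s: c for s, c in open_now[dst].items() if c}
            peaks[dst] = (total, ts, snapshot)
    return peaks


def alerts(log_text, threshold=THRESHOLD):
    """Servers whose peak concurrent OPC-UA connections exceeded the threshold."""
    return {srv: info for srv, info in peak_concurrency(log_text).items()
            if info[0] > threshold}


if __name__ == "__main__":
    for server, (peak, ts, by_src) in alerts(SAMPLE_LOG).items():
        print(f"ALERT {server}:{OPCUA_PORT} peak={peak} at t={ts} sources={by_src}")
```

The per-source breakdown at the peak shows whether the load comes from one client or many, which helps separate a misbehaving HMI from a flood.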