{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2025-11044/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":6.8,"id":"CVE-2025-11044"}],"_cs_exploited":false,"_cs_products":["ABB B\u0026R Automation Runtime"],"_cs_severities":["medium"],"_cs_tags":["dos","ics","cve-2025-11044"],"_cs_type":"advisory","_cs_vendors":["ABB"],"content_html":"\u003cp\u003eABB B\u0026amp;R Automation Runtime is affected by a denial-of-service vulnerability.  Specifically, versions prior to 6.5 and prior to R4.93 are susceptible. The vulnerability, tracked as CVE-2025-11044, resides in the ANSL-Server component. An unauthenticated attacker with network access can exploit a race condition, leading to a permanent denial-of-service condition on affected devices. The vulnerability stems from an insufficient throttling and limiting mechanism in the ANSL Server. Exploitation requires access to the system network, either directly or through a misconfigured firewall. ABB recommends updating to Automation Runtime versions 6.5 or later and R4.93 or later to remediate this vulnerability. 
The initial report date for this vulnerability was 2026-01-19, with a CISA republication on 2026-05-05.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains network access to the target ABB B\u0026amp;R Automation Runtime device, either through a direct connection, a compromised firewall, or malicious software on the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a message designed to exploit the race condition in the ANSL-Server.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious message to the vulnerable ANSL-Server component of the Automation Runtime.\u003c/li\u003e\n\u003cli\u003eThe ANSL-Server processes the message, triggering the vulnerability due to insufficient resource throttling.\u003c/li\u003e\n\u003cli\u003eThe race condition occurs, leading to excessive resource allocation.\u003c/li\u003e\n\u003cli\u003eThe affected device\u0026rsquo;s resources are exhausted due to the unbounded resource allocation.\u003c/li\u003e\n\u003cli\u003eThe Automation Runtime component becomes unresponsive, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eThe affected industrial control system node stops functioning, impacting critical manufacturing processes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-11044 can cause a permanent denial-of-service condition on the affected ABB B\u0026amp;R Automation Runtime devices. This can lead to the shutdown of critical manufacturing processes, resulting in production downtime, financial losses, and potential safety hazards. The vulnerability affects critical infrastructure sectors, particularly critical manufacturing, worldwide. 
While the advisory does not report specific victim counts, the widespread deployment of ABB B\u0026amp;R Automation Runtime suggests a broad potential impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch ABB B\u0026amp;R Automation Runtime to versions 6.5 or later, or R4.93 or later, to remediate CVE-2025-11044 as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eFor systems that cannot be immediately patched, implement the mitigation measures suggested by ABB, such as adjusting application configurations to longer cycle times.\u003c/li\u003e\n\u003cli\u003eLimit the maximum data traffic and the maximum number of concurrent connections to the ANSL server of Automation Runtime on the Control Network Firewall as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect suspicious network activity targeting the ANSL server, and tune for your specific environment.\u003c/li\u003e\n\u003cli\u003eMinimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet, as per CISA\u0026rsquo;s recommendations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T12:00:00Z","date_published":"2026-05-05T12:00:00Z","id":"/briefs/2026-05-abb-automation-dos/","summary":"A denial-of-service vulnerability (CVE-2025-11044) exists in ABB B\u0026R Automation Runtime versions prior to 6.5 and R4.93, where an unauthenticated attacker can exploit a race condition to cause permanent denial-of-service.","title":"ABB B\u0026R Automation Runtime Denial-of-Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-abb-automation-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2025-11044","version":"https://jsonfeed.org/version/1.1"}