Improper Certificate Validation in ABB B&R Automation Studio (CVE‑2025‑11043) Enables Man‑in‑the‑Middle Attacks
What It Is – ABB B&R Automation Studio versions < 6.5 contain an improper certificate validation flaw in their OPC‑UA and ANSL‑over‑TLS clients. The bug allows an unauthenticated network attacker to masquerade as a trusted server and intercept or alter data traffic.
Exploitability – The vulnerability is publicly disclosed (CVE‑2025‑11043) with a CVSS v3 base score of 7.4 (High). No public exploit code has been released, but the attack vector is straightforward: a malicious actor on the same LAN can present a forged certificate and gain a man‑in‑the‑middle position.
Affected Products – ABB B&R Automation Studio < 6.5 (all editions). The issue is fixed in version 6.5 and later.
TPRM Impact –
- Critical manufacturing and other OT environments that rely on ABB automation may experience data integrity breaches or unauthorized command injection.
- Third‑party suppliers using Automation Studio as a component in their own solutions inherit the same exposure, expanding the attack surface across the supply chain.
Recommended Actions –
- Patch Immediately – Upgrade every Automation Studio installation to version 6.5 or later.
- Validate TLS/OPC‑UA Configurations – Ensure certificate chains are properly validated and that only trusted CAs are accepted.
- Network Segmentation – Isolate OT networks from general corporate LANs to limit attacker proximity.
- Monitor for Anomalous Traffic – Deploy IDS/IPS rules that flag unexpected OPC‑UA/TLS handshakes or certificate mismatches.
- Vendor Coordination – Confirm with ABB that all downstream partners have applied the fix.
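As an added illustration of the "Validate TLS/OPC‑UA Configurations" item (example code written for this summary, not code from ABB, B&R or CISA), the following Go program shows what improper certificate validation amounts to in a TLS client and what a correct configuration checks instead. It generates a plant CA, a rogue CA and three server certificates in memory, then evaluates each certificate with the two checks Go's own TLS client applies during a handshake (chain building against pinned roots and hostname matching), applied directly to the certificates rather than over a live connection. The hostname plc-01.plant.example, the CA names and the three scenarios are constructed for the example and are not from the advisory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed hostname of the controller the client expects to reach (a stand-in
// for an OPC UA or ANSL-over-TLS endpoint; not taken from the advisory).
const expectedServer = "plc-01.plant.example"

var serial int64 // counter so each certificate issued below gets a distinct serial

// newTemplate builds a CA template (isCA) or a server template carrying name as a DNS SAN.
func newTemplate(name string, isCA bool) *x509.Certificate {
	serial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with parent's key (self-signed when parent is nil) and returns the
// certificate with its own fresh key. Key generation and signing only fail on a broken
// random source, so this example treats that as fatal.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// acceptsServer models the client's verdict on a presented server certificate.
// InsecureSkipVerify trusts anything, which is what an improperly validating client
// amounts to; otherwise the chain must end at a root in cfg.RootCAs and the
// certificate must name cfg.ServerName, the same two checks crypto/tls performs.
func acceptsServer(cfg *tls.Config, presented *x509.Certificate) (bool, error) {
	if cfg.InsecureSkipVerify {
		return true, nil
	}
	_, err := presented.Verify(x509.VerifyOptions{
		DNSName:   cfg.ServerName,
		Roots:     cfg.RootCAs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err == nil, err
}

// runScenarios checks three server certificates against a weak and a hardened
// client configuration; the map records whether each pairing was accepted.
func runScenarios() map[string]bool {
	plantCA, plantKey := issue(newTemplate("Plant Root CA", true), nil, nil)
	rogueCA, rogueKey := issue(newTemplate("Rogue Root CA", true), nil, nil) // never trusted by the plant
	legit, _ := issue(newTemplate(expectedServer, false), plantCA, plantKey)             // the real controller
	impostor, _ := issue(newTemplate(expectedServer, false), rogueCA, rogueKey)          // right name, wrong issuer
	wrongName, _ := issue(newTemplate("hmi-07.plant.example", false), plantCA, plantKey) // right issuer, wrong name
	roots := x509.NewCertPool()
	roots.AddCert(plantCA) // pin only the plant CA rather than the whole system store
	configs := map[string]*tls.Config{
		"weak":     {InsecureSkipVerify: true},
		"hardened": {RootCAs: roots, ServerName: expectedServer},
	}
	certs := map[string]*x509.Certificate{"legitimate": legit, "impostor": impostor, "wrong-name": wrongName}
	out := map[string]bool{}
	for cfgName, cfg := range configs {
		for certName, cert := range certs {
			ok, _ := acceptsServer(cfg, cert)
			out[cfgName+"/"+certName] = ok
		}
	}
	return out
}

func main() {
	for k, ok := range runScenarios() {
		fmt.Printf("%-20s accepted=%v\n", k, ok)
	}
}
```

The weak client accepts all three certificates, including the one issued by a CA the plant never trusted, which is the man-in-the-middle position the advisory describes. The hardened client accepts only the certificate that both chains to the pinned plant CA and carries the expected hostname in its SAN; a trusted issuer with the wrong name is rejected just like an untrusted issuer. When auditing an OPC‑UA or ANSL client configuration, those two properties (a trust store limited to the plant's own CA and a hostname that is actually compared) are the ones to confirm.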
Source: CISA Advisory – ICSA‑26‑125‑04