Critical Vulnerabilities in ABB B&R Automation Studio (Multiple CVEs) Threaten Industrial Automation
What It Is – ABB B&R Automation Studio versions < 6.5 and 6.5 contain a cascade of high‑severity flaws (CVE‑2025‑6965, CVE‑2025‑3277, CVE‑2023‑7104, …) ranging from heap‑based buffer overflows to use‑after‑free and improper user‑management. The advisory notes a CVSS v3 score of 9.8 (Critical) for the aggregate risk.
Exploitability – No public exploits have been observed in the wild, and ABB’s testing did not record successful exploitation. However, the breadth of the flaws provides multiple viable attack vectors that could be weaponized by sophisticated actors.
Affected Products – ABB B&R Automation Studio (all releases prior to 6.5 and the 6.5 release itself). The vulnerabilities stem from an outdated third‑party component that ABB has now replaced in a security‑update.
TPRM Impact – The product is widely deployed in manufacturing, energy, and other critical‑infrastructure environments as a core engineering‑and‑control platform. A compromised automation studio could enable:
- Unauthorized remote code execution on PLC‑connected workstations.
- Exposure of proprietary process data or intellectual property.
- Disruption of production lines, potentially cascading to downstream suppliers.
Recommended Actions – TPRM teams should:
- Verify version – Confirm that any third‑party ABB B&R Automation Studio in use is ≥ 6.5 + patch (or the specific hot‑fix released by ABB).
- Apply vendor update – Deploy the ABB‑provided replacement for the vulnerable third‑party component immediately.
- Conduct asset inventory – Map all OT assets that rely on Automation Studio to assess exposure scope.
- Network segmentation – Isolate engineering workstations from corporate IT and limit inbound traffic to trusted management consoles.
- Monitor for indicators – Enable logging of process‑control traffic and watch for anomalous memory‑access patterns or unexpected service restarts.
Source: CISA Advisory – ICSA‑26‑141‑03