HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Vulnerabilities in ABB B&R Automation Studio (Multiple CVEs) Threaten Industrial Automation

ABB B&R Automation Studio versions prior to 6.5 contain a series of critical flaws (CVSS 9.8) that could enable remote code execution, data exposure, or production disruption. TPRM teams must verify patch status and isolate affected OT assets.

LiveThreat™ Intelligence · 📅 May 22, 2026· 📰 cisa.gov
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
5 recommended
📰
Source
cisa.gov

Critical Vulnerabilities in ABB B&R Automation Studio (Multiple CVEs) Threaten Industrial Automation

What It Is – ABB B&R Automation Studio versions < 6.5 and 6.5 contain a cascade of high‑severity flaws (CVE‑2025‑6965, CVE‑2025‑3277, CVE‑2023‑7104, …) ranging from heap‑based buffer overflows to use‑after‑free and improper user‑management. The advisory notes a CVSS v3 score of 9.8 (Critical) for the aggregate risk.

Exploitability – No public exploits have been observed in the wild, and ABB’s testing did not record successful exploitation. However, the breadth of the flaws provides multiple viable attack vectors that could be weaponized by sophisticated actors.

Affected Products – ABB B&R Automation Studio (all releases prior to 6.5 and the 6.5 release itself). The vulnerabilities stem from an outdated third‑party component that ABB has now replaced in a security‑update.

TPRM Impact – The product is widely deployed in manufacturing, energy, and other critical‑infrastructure environments as a core engineering‑and‑control platform. A compromised automation studio could enable:

  • Unauthorized remote code execution on PLC‑connected workstations.
  • Exposure of proprietary process data or intellectual property.
  • Disruption of production lines, potentially cascading to downstream suppliers.

Recommended Actions – TPRM teams should:

  • Verify version – Confirm that any third‑party ABB B&R Automation Studio in use is ≥ 6.5 + patch (or the specific hot‑fix released by ABB).
  • Apply vendor update – Deploy the ABB‑provided replacement for the vulnerable third‑party component immediately.
  • Conduct asset inventory – Map all OT assets that rely on Automation Studio to assess exposure scope.
  • Network segmentation – Isolate engineering workstations from corporate IT and limit inbound traffic to trusted management consoles.
  • Monitor for indicators – Enable logging of process‑control traffic and watch for anomalous memory‑access patterns or unexpected service restarts.

Source: CISA Advisory – ICSA‑26‑141‑03

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-03

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →