ICSA-26-141-03
Published 2026-05-21
ABB B&R Automation Studio
CVSS 9.8
CRITICAL
Risk Summary
ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation was observed during testing of the affected B&R products, the identified vulnerabilities could present potential attack vectors that might enable unauthorized access, data exposure, or remote code execution.
CVEs (25)
CVE-2025-6965
CVE-2025-3277
CVE-2023-7104
CVE-2022-35737
CVE-2020-15358
CVE-2020-13632
CVE-2020-13631
CVE-2020-13630
CVE-2020-13435
CVE-2020-13434
CVE-2020-11656
CVE-2020-11655
CVE-2019-19646
CVE-2019-19645
CVE-2019-8457
CVE-2018-20506
CVE-2018-20505
CVE-2018-20346
CVE-2018-8740
CVE-2017-10989
CVE-2016-6153
CVE-2015-6607
CVE-2015-5895
CVE-2015-3717
CVE-2015-3416
Remediations
- The problem is corrected in the following product versions: B&R Automation Studio 6.5. B&R recommends that customers apply the update at the earliest convenience. The process to install updates and the step to identify the installed product version are both described in the user manual.
- Refer to section “General security recommendations” for advice on how to keep your system secure.
Affected Vendors
ABB
Affected Products (2)
ABB · B&R Automation Studio · <6.5
ABB · B&R Automation Studio · 6.5
Affected Sectors
Energy