CVE-2025-11044 in Automation Runtime
Summary
by MITRE • 01/19/2026
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.
Analysis
by VulDB Data Team • 01/20/2026
CVE-2025-11044 is a critical resource management flaw in the ANSL-Server component of B&R Automation Runtime. It affects versions prior to 6.5 and prior to R4.93 and exposes automation devices to significant operational risk. The flaw is an allocation of resources without limits or throttling: the component does not bound what it allocates in response to requests, so its resources can be exhausted through improper resource handling. This matters most in industrial automation systems, where continuous operation is critical to production processes.
The root cause is insufficient resource management control within the ANSL-Server component. An unauthenticated attacker with network access to the device can win a race condition in the allocation path: the server neither monitors nor limits how much it allocates, so resource requests can be issued continuously without being throttled. Without such limits the system can be overwhelmed with allocation requests until available memory, processing capacity or other critical system resources are exhausted. This is the weakness described by CWE-770, Allocation of Resources Without Limits or Throttling, and the vulnerability is a direct instance of that well-documented category.
The operational impact of CVE-2025-11044 goes beyond simple service disruption and can be severe for industrial environments. A permanent denial-of-service condition can halt production lines, disrupt critical manufacturing processes and cause significant financial loss for organizations that depend on these automation systems. Because the attack requires no authentication, any network-reachable device running a vulnerable version of B&R Automation Runtime is exposed without the attacker needing credentials or specialized access. That is what turns an otherwise minor inconvenience into a serious operational threat, particularly where automation systems run continuously and cannot tolerate extended downtime.
Mitigation must combine immediate protective measures with long-term hardening. Organizations should prioritize upgrading to B&R Automation Runtime version 6.5 or R4.93, which contain the resource management fixes. Network segmentation and access controls should limit the exposure of affected systems to untrusted networks. In addition, resource monitoring and alerting can detect anomalous resource consumption patterns that may indicate exploitation attempts. The vulnerability's characteristics align with ATT&CK technique T1499.004, which covers resource exhaustion attacks, underscoring the need for robust resource management and monitoring capabilities. Regular vulnerability assessments and security audits should confirm that industrial control systems maintain an appropriate security posture against evolving threats in the operational technology landscape.
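To make the CWE-770 pattern and the recommended monitoring concrete, the following is an added illustration, not B&R's code and not the ANSL-Server implementation: a hypothetical session allocator in its unbounded form beside a capped and throttled form, plus a detector that flags sources with anomalous allocation rates. The client addresses, limits and event list are constructed for the example.

```python
from collections import defaultdict, deque

class UnboundedServer:
    """CWE-770 pattern: every request allocates a session and nothing caps or throttles it."""
    def __init__(self):
        self.sessions = []

    def handle(self, client, now):
        self.sessions.append((client, now))
        return True

class BoundedServer:
    """Hardened form: global pool cap, per-client cap, and a per-client token bucket."""
    def __init__(self, max_total=64, max_per_client=4, rate=2.0, burst=4):
        self.max_total, self.max_per_client = max_total, max_per_client
        self.rate, self.burst = rate, burst
        self.sessions = defaultdict(list)   # client -> open-session timestamps
        self.bucket = {}                    # client -> (tokens, last_refill_time)

    def _take_token(self, client, now):
        tokens, last = self.bucket.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill at `rate`/s
        ok = tokens >= 1
        self.bucket[client] = (tokens - 1 if ok else tokens, now)
        return ok

    def handle(self, client, now):
        total = sum(len(s) for s in self.sessions.values())
        if total >= self.max_total or len(self.sessions[client]) >= self.max_per_client:
            return False                    # reject instead of allocating past the caps
        if not self._take_token(client, now):
            return False                    # throttle bursts from a single source
        self.sessions[client].append(now)
        return True

def flood(server, client, n, now=1000.0):
    """Fire n back-to-back allocation requests from one client; return how many were accepted."""
    return sum(1 for _ in range(n) if server.handle(client, now))

def anomalous_sources(events, window=1.0, threshold=20):
    """Detection: flag sources with more than `threshold` attempts in any `window`-second span of time-sorted (ts, src) events."""
    recent, flagged = defaultdict(deque), set()
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(src)
    return flagged
```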