
B&R PPT30 Operating System

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-155-03.json

Summary

B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible.

The following versions of B&R PPT30 Operating System are affected:

- PPT30 Operating System <1.8.0, 1.8.0 (CVE-2025-11482)

CVSS: v3 7.5
Vendor: B&R Industrial Automation GmbH
Equipment: B&R PPT30 Operating System
Vulnerabilities: Allocation of Resources Without Limits or Throttling

Background

- Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-11482

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-11482

Affected Products

B&R PPT30 Operating System

Vendor: B&R Industrial Automation GmbH
Product Version: B&R Industrial Automation GmbH PPT30 Operating System <1.8.0
Product Status: fixed, known_affected

Remediations

Vendor fix: The problem is corrected in the following product versions: PPT30 Operating System 1.8.0. The OPC-UA server is not activated by default. B&R recommends that customers with the OPC-UA Server enabled install the update at their earliest opportunity. The process to install updates is described in the user manual. The step to identify the installed product version is described in the user manual.

Mitigation: The optional OPC-UA server is not activated by default. The OPC-UA server shall only be activated, if required. PPT30 products are i


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-155-03
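
An added example (not part of the CISA advisory or B&R's material): a Python triage pass over an asset inventory that applies the advisory's two facts, that PPT30 Operating System versions before 1.8.0 are affected and that the vulnerable OPC-UA server is optional and off by default. The inventory records, field names and status labels are constructed for illustration.

```python
import re

FIXED = (1, 8, 0)  # first fixed PPT30 OS version, per the advisory

def parse_version(text):
    """Return a dotted version as a tuple of ints, or None if unparsable."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+){0,3})\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "1.6" to (1, 6, 0)

def triage(asset):
    """Classify one inventory record against CVE-2025-11482."""
    version = parse_version(asset.get("os_version"))
    if version is None:
        return "verify-version"      # cannot decide without the OS version
    if version >= FIXED:
        return "fixed"
    # Affected build: exposure depends on the optional OPC-UA server.
    if asset.get("opcua_enabled") is False:
        return "update-scheduled"    # affected, but the service is off
    return "update-now"              # enabled or unknown: treat as exposed

def report(inventory):
    """Map each host to its triage status."""
    return {a["host"]: triage(a) for a in inventory}

# Constructed sample inventory (hypothetical hosts and values).
INVENTORY = [
    {"host": "ppt30-line1", "os_version": "1.7.3", "opcua_enabled": True},
    {"host": "ppt30-line2", "os_version": "1.7.3", "opcua_enabled": False},
    {"host": "ppt30-lab", "os_version": "1.8.0", "opcua_enabled": True},
    # A plain string comparison would wrongly rank 1.10.0 below 1.8.0.
    {"host": "ppt30-pack", "os_version": "1.10.0", "opcua_enabled": True},
    {"host": "ppt30-yard", "os_version": "1.6", "opcua_enabled": None},
    {"host": "ppt30-old", "os_version": "unknown", "opcua_enabled": None},
]

if __name__ == "__main__":
    order = ["update-now", "verify-version", "update-scheduled", "fixed"]
    for host, status in sorted(report(INVENTORY).items(),
                               key=lambda kv: order.index(kv[1])):
        print(f"{status:17} {host}")
```

Records with an unknown OPC-UA state are treated as exposed so that they are confirmed on the device rather than assumed safe.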
