CVE-2025-11043

Summary

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Affected Software

VendorProductVersion RangeStatus
B&R Industrial Automation GmbHB&R Automation Studio4affected
B&R Industrial Automation GmbHB&R Automation Studio6 < 6.5affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References