B&R Automation Runtime ANSL-Server Component Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the ANSL-Server component of B&R Automation Runtime. This issue affects versions prior to 6.5 and prior to R4.93. The vulnerability arises from a lack of proper throttling and resource allocation limits, allowing an unauthenticated attacker on the network to exploit a race condition. Successful exploitation can lead to permanent denial-of-service conditions on the affected devices.

Impact

Exploitation of this vulnerability causes the affected system node to stop functioning, creating a permanent denial-of-service condition on the device.

Remediation

Users are advised to update to B&R Automation Runtime versions 6.5 or later, or version R4.93 or later. Instructions for installing updates are available in the user manual. For customers unable to transition to a patched version, adjusting application configurations to longer cycle times may help mitigate the vulnerability.