Description
An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.
References (1)
Core 1
Core References
Various Sources
https://www.br-automation.com/fileadmin/SA25P005-26597bd0.pdf
Scores
CVSS v3
6.8
EPSS
0.0031
EPSS Percentile
22.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (2)
B&R Industrial Automation GmbH/Automation Runtime
4 - R4.93
B&R Industrial Automation GmbH/Automation Runtime
6 - 6.5
Published
Jan 19, 2026
Tracked Since
Feb 18, 2026