
CVE-2025-11044: CWE-770 Allocation of Resources Without Limits or Throttling in B&R Industrial Automation GmbH Automation Runtime

Severity: High
Tags: Vulnerability, CVE-2025-11044, CWE-770
Published: Mon Jan 19 2026 (01/19/2026, 15:57:15 UTC)
Source: CVE Database V5
Vendor/Project: B&R Industrial Automation GmbH
Product: Automation Runtime

Description

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.

AI-Powered Analysis

Last updated: 01/19/2026, 16:26:06 UTC

Technical Analysis

CVE-2025-11044 is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). It exists in the ANSL-Server component of B&R Industrial Automation GmbH's Automation Runtime, in versions prior to 6.5 and prior to R4.93, so both the version 4 and version 6 lines are affected. The flaw arises from a race condition that an unauthenticated attacker can trigger remotely over the network. By winning this race, the attacker causes the server to allocate resources without bound, exhausting them and leaving the device in a permanent denial-of-service (DoS) state. No authentication or user interaction is required, so anyone with network reachability to the ANSL-Server can attempt it.

The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on availability (VA:H), with no impact on confidentiality or integrity. No exploitation in the wild is currently known, but the critical role of Automation Runtime in industrial control systems makes the risk significant. Because the server imposes no throttling or allocation limits, repeated or concurrent requests can overwhelm it until it becomes unresponsive or fails permanently, disrupting the industrial processes it controls. The case illustrates why robust resource management matters in industrial automation software: a DoS condition here can halt manufacturing or critical infrastructure operations.

Potential Impact

The primary impact of CVE-2025-11044 is a permanent denial-of-service condition on devices running vulnerable versions of B&R Automation Runtime. For European organizations, especially those in manufacturing, energy, transportation, and critical infrastructure sectors relying on industrial automation, this can lead to significant operational disruptions. Loss of availability in industrial control systems can halt production lines, cause safety system failures, and lead to financial losses and reputational damage. The unauthenticated nature of the exploit increases the risk of remote attacks from internal or external threat actors. Given the strategic importance of industrial automation in Europe's economy and infrastructure, exploitation could have cascading effects on supply chains and critical services. The absence of known exploits currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency. Organizations may also face regulatory scrutiny if disruptions impact safety or compliance requirements. Overall, the vulnerability threatens operational continuity and availability, which are critical in industrial environments.

Mitigation Recommendations

1. Apply patches and updates from B&R Industrial Automation GmbH as soon as they become available to address CVE-2025-11044.
2. Until patches are deployed, implement strict network segmentation to isolate Automation Runtime devices from untrusted networks and limit access to only authorized management systems.
3. Employ network-level controls such as firewalls and intrusion detection/prevention systems (IDS/IPS) to monitor and block anomalous traffic patterns indicative of resource exhaustion attempts targeting the ANSL-Server component.
4. Conduct regular audits of industrial control system network traffic to detect unusual spikes in resource allocation requests or repeated connection attempts.
5. Implement rate limiting or throttling at network gateways where possible to reduce the risk of resource exhaustion attacks.
6. Develop and test incident response plans specifically for industrial control system availability incidents to minimize downtime in case of exploitation.
7. Collaborate with B&R support and industrial cybersecurity experts to validate the security posture of Automation Runtime deployments and confirm patch applicability.
8. Maintain asset inventories to identify all devices running vulnerable versions and prioritize remediation accordingly.
9. Educate operational technology (OT) personnel about the vulnerability and signs of exploitation to enhance detection capabilities.
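As an added illustration of recommendations 4 and 5 (not part of the advisory or of any B&R tooling), the following sliding-window check flags sources that open an unusual number of connections to the ANSL service within a short interval. The log format, the service label "ansl", the window and the threshold are all assumptions; the log lines are constructed and assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (hypothetical, not B&R's own):
#   "<ISO-8601 timestamp> <src_ip> connect <service>"
LINE_RE = re.compile(r"^(\S+) (\S+) connect (\S+)$")

# Constructed sample: one host opens six sessions in three seconds,
# another connects at a normal operator pace.
SAMPLE_LOG = [
    "2026-01-19T15:57:00 192.0.2.10 connect ansl",
    "2026-01-19T15:57:01 192.0.2.10 connect ansl",
    "2026-01-19T15:57:01 192.0.2.10 connect ansl",
    "2026-01-19T15:57:02 192.0.2.10 connect ansl",
    "2026-01-19T15:57:02 192.0.2.10 connect ansl",
    "2026-01-19T15:57:03 192.0.2.10 connect ansl",
    "2026-01-19T15:57:05 198.51.100.7 connect ansl",
    "2026-01-19T15:58:30 198.51.100.7 connect ansl",
    "2026-01-19T15:59:00 192.0.2.10 connect ansl",
]


def parse(line):
    """Return (timestamp, src_ip, service) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, service = m.groups()
    return datetime.fromisoformat(ts), src, service


def find_bursting_sources(lines, service="ansl", window_seconds=10, threshold=5):
    """Return {src_ip: peak connections seen in any window} for sources that
    exceed `threshold` new connections to `service` within `window_seconds`."""
    windows = defaultdict(deque)  # src -> timestamps still inside the window
    peaks = defaultdict(int)
    span = timedelta(seconds=window_seconds)
    for line in lines:
        parsed = parse(line)
        if parsed is None or parsed[2] != service:
            continue
        ts, src, _ = parsed
        q = windows[src]
        q.append(ts)
        while q and ts - q[0] > span:  # evict connections older than the window
            q.popleft()
        peaks[src] = max(peaks[src], len(q))
    return {src: n for src, n in peaks.items() if n > threshold}
```

The same per-source count can drive a gateway rate limit instead of an alert; the threshold should be set from a baseline of legitimate engineering-station traffic, since normal Automation Runtime clients do not reconnect many times per second.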


Technical Details

Data Version: 5.2
Assigner Short Name: ABB
Date Reserved: 2025-09-26T09:17:09.708Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 696e57c1d302b072d9cbb9c9

Added to database: 1/19/2026, 4:11:45 PM

Last enriched: 1/19/2026, 4:26:06 PM

Last updated: 1/19/2026, 7:13:00 PM

