Description

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

PUBLISHED Reserved 2025-09-26 | Published 2026-01-19 | Updated 2026-01-19 | Assigner ABB




CRITICAL: 9.1 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)

HIGH: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

4 (custom): affected

6 (custom) before 6.5: affected

References

www.br-automation.com/fileadmin/SA25P004-4f45197f.pdf

cve.org (CVE-2025-11043)

nvd.nist.gov (CVE-2025-11043)
