[Control systems] ABB security advisory (AV26-510)
Analysis Summary
# Vulnerability: ABB PPT30 Concurrent Connection Denial of Service
## CVE Details
- **CVE ID:** CVE-2025-11482
- **CVSS Score:** Not explicitly rated in the advisory, but typically categorized as Medium to High for DoS on ICS components.
- **CWE:** CWE-772 (Improper Release of Memory Before Removal of Last Reference) or CWE-400 (Uncontrolled Resource Consumption) - *Inferred from "issues handling concurrent connections".*
## Affected Systems
- **Products:** PPT30 Operating System
- **Versions:** All versions prior to v1.8.0
- **Configurations:** Systems running the OPC-UA Server component.
## Vulnerability Description
The PPT30 OPC-UA Server contains a flaw in how it manages concurrent connections. When multiple simultaneous connections are initiated or handled, the system fails to properly manage resources or handle the connection state, leading to a potential crash or unresponsiveness of the OPC-UA service.
## Exploitation
- **Status:** Not exploited (No reports of exploitation in the wild at the time of advisory).
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** None
- **Integrity:** None
- **Availability:** High (The primary impact is the disruption of the OPC-UA Server, which may stop data flow to HMIs or SCADA systems).
## Remediation
### Patches
- **Update to PPT30 Operating System version 1.8.0** or later. This update includes a fix for the connection handling logic.
### Workarounds
- **Network Segmentation:** Ensure the PPT30 device is located on a secure control network (Level 2 or 3 of the Purdue Model) and is not accessible from the public internet or business networks.
- **Access Control:** Restrict access to the OPC-UA port (typically TCP 4840) to known, authorized IP addresses (e.g., specific HMI or Data Historian nodes).
- **Connection Limiting:** If the upstream firewall or internal router supports it, limit the rate of new TCP connections to the device.
## Detection
- **Monitoring:** Monitor for "Service Unavailable" or "Connection Timeout" errors from the PPT30 OPC-UA server.
- **Log Analysis:** Review system logs for frequent socket errors or resource exhaustion warnings.
- **Tools:** Use industrial network security monitoring (NSM) tools to detect unusual spikes in connection attempts to the OPC-UA port.
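The spike monitoring and source allowlisting described above can be prototyped over exported flow records. The following is an added example, not code from ABB or the advisory; the record format, the addresses, the 10-second window and the threshold of 5 are assumptions to be tuned per site, and records are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

OPCUA_PORT = 4840                        # typical OPC-UA port, as noted under Workarounds
ALLOWED = {"10.10.2.11", "10.10.2.12"}   # assumed HMI / historian addresses
WINDOW = timedelta(seconds=10)           # assumed sliding window
MAX_NEW_CONNS = 5                        # assumed per-source limit inside WINDOW

def parse(line):
    """Parse one constructed flow record: '<ISO time> <src> <dst> <dport> <tcp flags>'."""
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags

def detect(lines, allowed=ALLOWED):
    """Return sorted (source, reason) alerts for new connections to the OPC-UA port."""
    recent = defaultdict(deque)          # source -> SYN timestamps still inside the window
    alerts = set()
    for line in lines:
        ts, src, _dst, dport, flags = parse(line)
        if dport != OPCUA_PORT or flags != "SYN":
            continue                     # only new connection attempts to OPC-UA matter here
        if src not in allowed:
            alerts.add((src, "unauthorized-source"))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:        # drop attempts older than the window
            q.popleft()
        if len(q) > MAX_NEW_CONNS:
            alerts.add((src, "connection-spike"))
    return sorted(alerts)

def sample_log():
    """Constructed sample: a polling HMI, an allowed host bursting, an unknown host."""
    rows = [f"2025-01-01T10:00:{s:02d} 10.10.2.11 10.10.2.50 4840 SYN" for s in (0, 20, 40)]
    rows += [f"2025-01-01T10:01:{s:02d} 10.10.2.12 10.10.2.50 4840 SYN" for s in range(8)]
    rows += ["2025-01-01T10:02:00 10.10.9.77 10.10.2.50 4840 SYN",
             "2025-01-01T10:02:01 10.10.9.77 10.10.2.50 443 SYN"]
    return rows

if __name__ == "__main__":
    for src, reason in detect(sample_log()):
        print(f"ALERT {reason}: {src} -> tcp/{OPCUA_PORT}")
```

An allowlisted host can still trip the spike rule, which is useful here because a misbehaving client on the control network can exhaust the server just as an outside source can.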
## References
- **ABB Advisory (PDF):** hxxps[://]br-cws-assets[.]de-fra-1[.]linodeobjects[.]com/SA25P006-0eec719c[.]pdf
- **ABB Security Portal:** hxxps[://]global[.]abb/group/en/technology/cyber-security/alerts-and-notifications
- **Canadian Centre for Cyber Security:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-510