Description
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30
Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to
permanently prevent legitimate users from interacting with the service.
Published: 2026-05-26
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can exploit an Allocation of Resources Without Limits or Throttling flaw in the OPC‑UA Server of the PPT30 Operating System. The vulnerability permits an unauthenticated, network‑based user to allocate resources without restraint, causing the system to become permanently unresponsive to legitimate users. This results in a loss of availability for the affected service.

Affected Systems

B&R Industrial Automation GmbH's PPT30 Operating System, versions prior to 1.8.0, are affected. No specific patch level is mentioned beyond this threshold.

Risk and Exploitability

The CVSS score of 8.7 marks this as a high severity issue. EPSS data is absent, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation has not yet been documented. Nevertheless, the fault can be leveraged remotely without authentication, making it feasible for adversaries with network reach to disrupt the service through sustained resource exhaustion.

Generated by OpenCVE AI on May 26, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PPT30 Operating System to version 1.8.0 or later when a vendor‑issued update becomes available.
  • Configure network perimeter controls to limit which hosts can reach the OPC‑UA server, reducing the attack surface for unauthenticated access.
  • Implement application‑level or infrastructure‑level throttling and resource quotas on the OPC‑UA service to prevent excessive consumption of system resources.

Generated by OpenCVE AI on May 26, 2026 at 15:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Br-automation
Br-automation ppt30 Operating System
Vendors & Products Br-automation
Br-automation ppt30 Operating System

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service.
Title Allocation of Resources Without Limits or Throttling in the OPC-UA Server
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Br-automation Ppt30 Operating System
cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-05-26T14:42:28.838Z

Reserved: 2025-10-08T07:58:16.234Z

Link: CVE-2025-11482

cve-icon Vulnrichment

Updated: 2026-05-26T14:42:24.326Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T14:16:26.360

Modified: 2026-05-26T19:05:09.927

Link: CVE-2025-11482

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T10:05:19Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling