A resource exhaustion vulnerability in B&R PPT30 Operating System versions prior to 1.8.0 allows unauthenticated remote attackers to disable the OPC-UA server, preventing legitimate access to the service. The flaw affects industrial automation equipment deployed across critical infrastructure sectors including energy and manufacturing. B&R has released version 1.8.0 as a fix, and recommends customers with OPC-UA enabled upgrade immediately.

Why it matters in Western Canada: Western Canadian energy, utilities, and critical infrastructure operators deploying B&R industrial automation systems may rely on PPT30 devices for operational technology control. An attacker exploiting this vulnerability could disrupt service availability in power generation, water treatment, or manufacturing facilities.

CVEs: CVE-2025-11482

---

Summary generated from the original advisory. Read the full source: cisa-advisories