[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-br-patches-critical-opc-ua-bug-in-ppt30-os":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":34,"persona_id":22,"persona_name":22,"section":22,"tags":35,"sources":39,"feedback":43,"feedback_at":22,"cost_usd":43,"total_tokens":43},1004,"br-patches-critical-opc-ua-bug-in-ppt30-os","B&R patches critical OPC-UA bug in PPT30 OS","Version 1.8.0 closes CVE‑2025‑11482, a denial‑of‑service flaw that could lock out OPC-UA clients.","- B&R released version 1.8.0 of its PPT30 operating system, fixing CVE‑2025‑11482.\n\nThe vulnerability allowed an unauthenticated network attacker to flood the OPC‑UA server with resource‑intensive requests, eventually making the service unavailable. It affected all PPT30 OS releases prior to 1.8.0 and scored 7.5 on the CVSS 3.1 scale. B&R says the OPC‑UA server is disabled by default, but customers who have enabled it should apply the update immediately.\n\nFor industrial operators, the flaw mattered because the OPC‑UA server is a common gateway for SCADA and HMI systems. A denial‑of‑service event could halt data collection or control loops, forcing a manual takeover. The fix aligns B&R with the broader push in the sector to harden default configurations and limit exposure of network services.\n\nThe patch arrives amid a surge of resource‑exhaustion bugs targeting control‑system firmware, echoing similar CVEs disclosed last year for Siemens and Rockwell devices. While B&R’s advisory notes no known exploitation, the advisory’s timing suggests a proactive stance rather than a reaction to an incident.\n\nIn short, version 1.8.0 removes the DOS vector, and operators who run the OPC‑UA server should install it now to keep production lines running.","[\"industrial-automation\",\"security\",\"opc-ua\"]","2026-06-04T12:00:00.000Z","2026-06-16T03:35:16.536Z","2026-06-16T03:35:22.479Z","published",null,[24,30],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add a clear concluding paragraph that succinctly restates the news and its impact.","resolved",{"id":31,"reviewer":26,"round":32,"reason":33,"status":29},"editor-r2",2,"Add a concise concluding paragraph that restates the news (patch release for CVE‑2025‑11482) and its impact on industrial users.","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fbr-patches-critical-opc-ua-bug-in-ppt30-os.webp",[36,37,38],"industrial-automation","security","opc-ua",[40],{"name":41,"url":42},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-155-03",0]