B&R PPT30 Operating System

Summary

CISA has issued an alert regarding a vulnerability in the B&R PPT30 Operating System that affects versions prior to 1.8.0. Successful exploitation of this flaw could allow an unauthenticated attacker to make the product's OPC-UA server inaccessible, with impact on critical infrastructure sectors.

IFF Assessment

FOE

The vulnerability described allows an unauthenticated attacker to cause a denial of service, which is detrimental to defenders' ability to maintain system availability.

Severity

7.5 High

The CVSS score of 7.5 is assigned due to the nature of the vulnerability (Allocation of Resources Without Limits or Throttling), which allows an unauthenticated network-based attacker to achieve a high impact by making the OPC-UA server inaccessible.

Defender Context

This vulnerability highlights the ongoing risks associated with industrial control systems (ICS) and operational technology (OT). Defenders should be aware of the potential for denial-of-service attacks against critical infrastructure components like OPC-UA servers, which underscores the need for prompt patching and careful configuration of network services.
