Skip to main content

TLS CVE-2025-11043

HIGH
Improper Certificate Validation (CWE-295)
2026-01-19 cybersecurity@ch.abb.com
TLS
7.4
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 19, 2026 - 16:15 nvd
HIGH 7.4

DescriptionNVD

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

AnalysisAI

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions up to 6.5 is affected by improper certificate validation (CVSS 7.4).

Technical ContextAI

This vulnerability (CWE-295: Improper Certificate Validation) affects An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio. An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Affected ProductsAI

Product: An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio. Versions: up to 6.5.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2025-11043 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy