IronMonkey Threat Research

ABB Ability Edgenius: Copy Fail

HIGH
CVSS 7.8
Date 2026-06-25T00:30:00+00:00
Source abb-psirt
Published by ABB PSIRT

// Description

ABB is aware of public reports of a vulnerability, CVE-2026-31431 (Copy Fail), in the product versions listed as affected in the advisory. An update is available that resolves this publicly reported vulnerability. CVE-2026-31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. Once root access is obtained, the attacker can effectively gain complete control of the system.

// Vulnerabilities (1)

CVE ID: CVE-2026-31431
CVSS Score: 7.8
Severity: high
Description: CVE-2026-31431 (Copy Fail) is a Linux kernel vulnerability that may allow a locally authenticated user or compromised container workload to gain elevated (root) privileges on affected systems. The issue originates in the Linux kernel’s cryptographic subsystem and impacts kernels used by most major Linux distributions released since 2017. Successful exploitation requires local code execution; however, in shared, containerized, or multi-tenant environments this may increase the security risk.

// Affected Products (5)

Vendor | Product | Asset Type | Purdue Level | Firmware
Siemens | Unknown | plc | L1 | --
Siemens | Unknown | plc | L1 | --
Siemens | Unknown | plc | L1 | --
Siemens | Unknown | plc | L1 | --
Siemens | Unknown | plc | L1 | --

// Remediations (12)

Patch: The problem is corrected in the following product versions:
- Edgenius 3.2.4.1
ABB recommends that customers apply the update at the earliest convenience.
Mitigation: Mitigating factors describe conditions and circumstances that make an attack that exploits the vulnerability difficult or less likely to succeed. Refer to section General security recommendations for further advice on how to keep your system secure.
Recommended mitigation factors:
- Limit access to ssh or cockpit
- By default, no additional lower privilege users are present on Edgenius installations
Patch: For affected products, software updates should be installed upon availability.
Product | Patch version
APROL | APROL-AutoYaST-DVD- V4.4-010.10.260602
Until remediated software versions are available, customers are required to conduct a risk assessment of their affected systems and to implement the mitigation measures and workarounds specified in this advisory.
Workaround: Security researchers have identified and validated the following workarounds to reduce exposure to the vulnerabilities described in this advisory. These measures do not remediate the underlying vulnerabilities but effectively block known attack vectors until patched software versions are deployed.

Important: Customers are advised to thoroughly test their systems after applying any of the listed workarounds. B&R has no visibility into customer-specific applications running on the underlying Linux system. It is the customer's responsibility to assess whether the applied workarounds interfere with existing application workloads prior to deployment in production environments.

For Debian-based systems within an active support lifecycle, kernel patches addressing CVE-2026-31431 are already available via the official package repositories. Customers are strongly encouraged to apply these updates immediately by executing the following command:

    sudo apt update && sudo apt upgrade

A system reboot is required after the upgrade for the updated kernel to take effect.

Temporary Mitigation: If an immediate system update is not feasible, the affected kernel module (algif_aead) can be disabled persistently. Security researchers have confirmed this measure effectively prevents exploitation of CVE-2026-31431. Execute the following commands as root:

    echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
    rmmod algif_aead 2>/dev/null || true

Impact assessment: Disabling the algif_aead module removes the AEAD socket interface from the kernel crypto API. This does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. Applications explicitly configured to use the afalg engine or that directly bind aead, skcipher, or hash sockets via AF_ALG may be affected. To assess exposure prior to applying this workaround, run:

    lsof | grep AF_ALG
Mitigation: Successful exploitation of the vulnerabilities described in this advisory requires local access to the affected system with low-privileged user credentials. Customers are strongly advised to enforce strict access control policies on all Linux-based systems, ensuring that interactive access is exclusively granted to authorized and trusted personnel. This includes reviewing and hardening user account permissions and disabling unused accounts. Refer to section “General security recommendations” for further advice on how to keep your system secure.
Mitigation: Limit access to the interactive shell of the additional GNU/Linux subsystem to trusted personnel only.
Mitigation: Only build and run applications from trusted sources.
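
One way to verify that the temporary algif_aead workaround described above is actually in effect on a host, as an added example that is not part of the advisory text. It goes beyond the advisory by also checking whether algif_aead is compiled into the kernel, in which case a modprobe rule cannot disable it; the function name, status words and path parameters are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory): audit the algif_aead workaround.
# check_algif_workaround is a hypothetical helper; its three path arguments
# default to the live system so it can also be pointed at copies of the files.
# Prints a status word; returns 0 mitigated, 1 not mitigated, 2 built in.
check_algif_workaround() {
    conf_dir=${1:-/etc/modprobe.d}
    proc_modules=${2:-/proc/modules}
    builtin_list=${3:-/lib/modules/$(uname -r)/modules.builtin}

    # Compiled into the kernel image: a modprobe rule cannot disable it.
    if [ -r "$builtin_list" ] && grep -Eq '/algif_aead\.ko$' "$builtin_list"; then
        echo BUILTIN; return 2
    fi

    # Still resident: rmmod was skipped or failed because the module was in use.
    if [ -r "$proc_modules" ] && grep -q '^algif_aead ' "$proc_modules"; then
        echo LOADED; return 1
    fi

    # Require an "install" override as in the advisory (/bin/true is accepted
    # because it also prevents the load). A "blacklist" line is not accepted:
    # per modprobe.d(5) it only makes modprobe ignore the module's aliases.
    rule='^[[:space:]]*install[[:space:]]+algif[_-]aead[[:space:]]+/(usr/)?bin/(false|true)[[:space:]]*$'
    if grep -Eqs "$rule" "$conf_dir"/*.conf; then
        echo MITIGATED; return 0
    fi
    echo NO_INSTALL_OVERRIDE; return 1
}

# Constructed sample: a host where only a blacklist entry was configured.
demo=$(mktemp -d)
echo 'blacklist algif_aead' > "$demo/blacklist.conf"
: > "$demo/proc_modules"
: > "$demo/modules.builtin"
check_algif_workaround "$demo" "$demo/proc_modules" "$demo/modules.builtin" || true
rm -rf "$demo"
```

Called with no arguments, the function inspects the running system; a LOADED result after the workaround was applied means a reboot or a successful rmmod is still outstanding.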

// References