Lucene search

ABBCVELIST:CVE-2024-5622

HistoryAug 29, 2024 - 8:49 a.m.

CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL

2024-08-2908:49:48

CWE-267

CWE-250

ABB

www.cve.org

cve-2024-5622

vulnerability

aprolconfigureccservices

b&r aprol

elevated privileges

arbitrary code

local attacker

untrusted search path

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

Percentile

9.6%

JSON

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "AprolConfigureCCServices"
    ],
    "product": "B&R APROL",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "<= R 4.2-07P3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "<= R 4.4-00P3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf