Lucene search

ABBCVELIST:CVE-2024-5623

HistoryAug 29, 2024 - 8:51 a.m.

CVE-2024-5623 Untrusted search path vulnerability in B&R APROL

2024-08-2908:51:26

CWE-267

CWE-250

ABB

www.cve.org

untrusted search path

b&r aprol

vulnerability

authenticated

local attacker

arbitrary code

CVSS4

5.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

PASSIVE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

Percentile

9.6%

JSON

An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "B&R APROL",
    "vendor": "B&R Industrial Automation",
    "versions": [
      {
        "lessThanOrEqual": "<= R 4.4-00P3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf