Lucene search

[email protected]NVD:CVE-2024-5623

HistoryAug 29, 2024 - 11:15 a.m.

CVE-2024-5623

2024-08-2911:15:27

CWE-250

CWE-426

CWE-267

[email protected]

web.nvd.nist.gov

vulnerability

b&r aprol

authenticated

local attacker

arbitrary code

privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.

Affected configurations

Nvd

Node

br-automationindustrial_automation_aprolRange≤r4.4-00p3

VendorProductVersionCPE
br-automationindustrial_automation_aprol*cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
br-automation	industrial_automation_aprol	*	cpe:2.3:a:br-automation:industrial_automation_aprol::::::::

References

www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2024-5623

cvelist1 vulnrichment1 cve1