Industrial Automation Aprol
cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Br Automation (9a6d54fa-e6bc-5bbc-b950-3afd1660c473) |
|---|---|
| Product | Industrial Automation Aprol (81705abe-5660-59c6-bb93-ad930b923cdb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-5624 | vulnerable | 2026-06-03 14:57:53.417471 | Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL<br>Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session<br>Published: 2024-08-29T08:53:06.058Z<br>Updated: 2024-08-29T13:40:31.563Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5623 | vulnerable | 2026-06-03 14:57:53.416834 | Untrusted search path vulnerability in B&R APROL<br>An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.<br>Published: 2024-08-29T08:51:26.052Z<br>Updated: 2024-08-29T13:46:16.304Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5622 | vulnerable | 2026-06-03 14:57:53.416361 | Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL<br>An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.<br>Published: 2024-08-29T08:49:48.300Z<br>Updated: 2024-08-29T13:29:24.311Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43765 | vulnerable | 2026-06-03 14:48:15.831716 | DoS in APROLs Tbase server<br>HIGH (7.5)<br>B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service.<br>Published: 2023-02-08T10:17:07.894Z<br>Updated: 2025-03-25T13:58:06.196Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43764 | vulnerable | 2026-06-03 14:48:15.831347 | Buffer overflow when changing configuration on Tbase Server<br>CRITICAL (9.8)<br>Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.<br>Published: 2023-02-08T10:12:50.627Z<br>Updated: 2025-03-25T13:58:51.605Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43763 | vulnerable | 2026-06-03 14:48:15.830981 | Lack of checking preconditions in APROL<br>HIGH (7.5)<br>Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.<br>Published: 2023-02-08T10:11:09.261Z<br>Updated: 2025-03-25T13:59:26.651Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43762 | vulnerable | 2026-06-03 14:48:15.830594 | Memory leak when receiving messages in APROL Tbase server<br>HIGH (7.5)<br>Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages<br>Published: 2023-02-08T10:06:06.480Z<br>Updated: 2025-03-25T14:00:12.544Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43761 | vulnerable | 2026-06-03 14:48:15.829998 | Lack of authentication when managing APROL database<br>CRITICAL (9.4)<br>Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.<br>Published: 2023-02-08T09:33:28.002Z<br>Updated: 2025-03-25T13:54:18.752Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19878 | vulnerable | 2026-06-03 14:40:05.987068 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.<br>Published: 2020-11-27T16:24:00.000Z<br>Updated: 2024-08-05T02:32:09.328Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19877 | vulnerable | 2026-06-03 14:40:05.986806 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.<br>Published: 2020-11-27T16:23:21.000Z<br>Updated: 2024-08-05T02:32:09.381Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19876 | vulnerable | 2026-06-03 14:40:05.986553 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.<br>Published: 2020-11-27T16:22:13.000Z<br>Updated: 2024-08-05T02:32:09.337Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19875 | vulnerable | 2026-06-03 14:40:05.986291 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.<br>Published: 2020-11-27T16:21:13.000Z<br>Updated: 2024-08-05T02:32:09.359Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19874 | vulnerable | 2026-06-03 14:40:05.986018 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.<br>Published: 2020-11-27T16:20:06.000Z<br>Updated: 2024-08-05T02:32:08.891Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19873 | vulnerable | 2026-06-03 14:40:05.985729 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.<br>Published: 2020-11-27T16:18:34.000Z<br>Updated: 2024-08-05T02:32:08.812Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19872 | vulnerable | 2026-06-03 14:40:05.985425 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.<br>Published: 2020-11-27T14:08:11.000Z<br>Updated: 2024-08-05T02:32:08.921Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-19869 | vulnerable | 2026-06-03 14:40:05.985025 | Details available<br>An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.<br>Published: 2020-11-27T14:06:07.000Z<br>Updated: 2024-08-05T02:32:08.916Z | Imported from gcve-enriched-dumps CVE data |