cpe:2.3:a:b&r_industrial_automation:b&r_aprol:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | B&R Industrial Automation (96528465-c3bc-5a8a-9f58-0063fc26b089) |
|---|---|
| Product | B&R Aprol (424ae11f-0db0-5860-ae63-67d3b485f106) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-8315 | vulnerable | 2026-06-03 14:58:18.117714 | Improper Handling of Insufficient Permissions or Privileges in B&R APROL. An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information. Published: 2025-03-25T04:31:27.667Z. Updated: 2025-03-25T13:22:20.976Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5624 | vulnerable | 2026-06-03 14:57:53.417438 | Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL. Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session. Published: 2024-08-29T08:53:06.058Z. Updated: 2024-08-29T13:40:31.563Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5623 | vulnerable | 2026-06-03 14:57:53.416878 | Untrusted search path vulnerability in B&R APROL. An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. Published: 2024-08-29T08:51:26.052Z. Updated: 2024-08-29T13:46:16.304Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-5622 | vulnerable | 2026-06-03 14:57:53.415575 | Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL. An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. Published: 2024-08-29T08:49:48.300Z. Updated: 2024-08-29T13:29:24.311Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-45482 | vulnerable | 2026-06-03 14:56:56.684658 | Privilege escalation in B&R APROL. An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands. Published: 2025-03-25T04:52:56.296Z. Updated: 2025-03-25T14:23:53.190Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-45481 | vulnerable | 2026-06-03 14:56:56.684375 | Improper authentication in SSH of B&R APROL. An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user. Published: 2025-03-25T04:52:06.675Z. Updated: 2025-03-25T14:25:20.372Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-45480 | vulnerable | 2026-06-03 14:56:56.684009 | Unauthorized local file reading in B&R APROL. An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system. Published: 2025-03-25T04:50:52.976Z. Updated: 2025-03-25T14:32:15.379Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43765 | vulnerable | 2026-06-03 14:48:15.831681 | DoS in APROLs Tbase server. HIGH (7.5). B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service. Published: 2023-02-08T10:17:07.894Z. Updated: 2025-03-25T13:58:06.196Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43764 | vulnerable | 2026-06-03 14:48:15.831316 | Buffer overflow when changing configuration on Tbase Server. CRITICAL (9.8). Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. Published: 2023-02-08T10:12:50.627Z. Updated: 2025-03-25T13:58:51.605Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43763 | vulnerable | 2026-06-03 14:48:15.830948 | Lack of checking preconditions in APROL. HIGH (7.5). Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. Published: 2023-02-08T10:11:09.261Z. Updated: 2025-03-25T13:59:26.651Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43762 | vulnerable | 2026-06-03 14:48:15.830551 | Memory leak when receiving messages in APROL Tbase server. HIGH (7.5). Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages. Published: 2023-02-08T10:06:06.480Z. Updated: 2025-03-25T14:00:12.544Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-43761 | vulnerable | 2026-06-03 14:48:15.829406 | Lack of authentication when managing APROL database. CRITICAL (9.4). Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. Published: 2023-02-08T09:33:28.002Z. Updated: 2025-03-25T13:54:18.752Z | Imported from gcve-enriched-dumps CVE data |