Industrial Automation Aprol Security Vulnerabilities and Issues — Industrial Automation Aprol CVE List

Lucene search

Br-automationIndustrial Automation Aprol

16 matches found

CVE•added 2020/11/27 5:15 p.m.•85 views

CVE-2019-19876

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.

9.8CVSS9.5AI score

CVE•added 2020/11/27 5:15 p.m.•60 views

CVE-2019-19877

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.

5.3CVSS5.1AI score

CVE•added 2020/11/27 5:15 p.m.•58 views

CVE-2019-19878

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.

7.5CVSS7.4AI score

CVE•added 2020/11/27 5:15 p.m.•55 views

CVE-2019-19873

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.

7.5CVSS7.4AI score

CVE•added 2020/11/27 5:15 p.m.•54 views

CVE-2019-19874

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.

9.8CVSS9.7AI score

CVE•added 2020/11/27 5:15 p.m.•53 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.

10CVSS9.4AI score

CVE•added 2023/02/08 11:15 a.m.•51 views

CVE-2022-43762

Lack of verification in B&R APROLTbase server versions

9.8CVSS8.7AI score0.00213EPSS

CVE•added 2020/11/27 3:15 p.m.•49 views

CVE-2019-19872

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.

9.8CVSS9.6AI score

CVE•added 2023/02/08 11:15 a.m.•45 views

CVE-2022-43764

Insufficient validation of input parameters whenchanging configuration on Tbase server in B&R APROL versions

9.8CVSS9.6AI score0.0023EPSS

CVE•added 2024/08/29 11:15 a.m.•43 views

CVE-2024-5622

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and

7.8CVSS7.8AI score0.00027EPSS

CVE•added 2023/02/08 10:15 a.m.•41 views

CVE-2022-43761

Missing authentication when creating andmanaging the B&R APROL database in versions

9.4CVSS7.9AI score0.0007EPSS

CVE•added 2020/11/27 3:15 p.m.•40 views

CVE-2019-19869

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.

7.5CVSS7.5AI score0.00241EPSS

CVE•added 2024/08/29 11:15 a.m.•36 views

CVE-2024-5624

Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL

6.1CVSS6AI score0.00196EPSS

CVE•added 2023/02/08 11:15 a.m.•35 views

CVE-2022-43763

Insufficient check of preconditions could leadto Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions

7.5CVSS7.6AI score0.00186EPSS

CVE•added 2024/08/29 11:15 a.m.•35 views

CVE-2024-5623

An untrusted search path vulnerability in B&R APROL