Lucene search

ABBVULNRICHMENT:CVE-2024-5622

HistoryAug 29, 2024 - 8:49 a.m.

CVE-2024-5622 Untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL

2024-08-2908:49:48

CWE-267

CWE-250

ABB

github.com

cve-2024-5622

aprolconfigureccservices

b&r aprol

vulnerability

execute arbitrary code

elevated privileges

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

7.5

Confidence

High

EPSS

Percentile

9.6%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:b_and_r_industrial_automotion:b_and_r_aprol:*:*:*:*:*:*:*:*"
    ],
    "vendor": "b_and_r_industrial_automotion",
    "product": "b_and_r_aprol",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "R 4.2-07P3"
      },
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "R 4.4-00P3"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf