7.2

CVSS4.0

CVE-2024-45484 - Enabled ICMP redirection in B&R APROL

An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-form Denial-of-Service (DoS) attacks against the product.

πŸ“… Published: March 25, 2025, 4:55 a.m. πŸ”„ Last Modified: March 31, 2025, 6:07 p.m.

7

CVSS4.0

CVE-2024-45483 - Missing GRUB password in B&R APROL

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system.

πŸ“… Published: March 25, 2025, 4:54 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

8.5

CVSS4.0

CVE-2024-45482 - Privilege escalation in B&R APROL

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands.

πŸ“… Published: March 25, 2025, 4:52 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

8.5

CVSS4.0

CVE-2024-45481 - Improper authentication in SSH of B&R APROL

An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user.

πŸ“… Published: March 25, 2025, 4:52 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

9.2

CVSS4.0

CVE-2024-45480 - Unauthorized local file reading in B&R APROL

An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system.

πŸ“… Published: March 25, 2025, 4:50 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

8.5

CVSS4.0

CVE-2024-10209 - Incorrect Permission Assignment in APROL file system

An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user.

πŸ“… Published: March 25, 2025, 4:46 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

5.1

CVSS4.0

CVE-2024-10208 - Cross Site Scripting vulnerability in APROL Web Portal

An Improper Neutralization of Input During Web Page Generation vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to insert malicious code which is then executed in the context of the user’s browser session.

πŸ“… Published: March 25, 2025, 4:43 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

5.3

CVSS4.0

CVE-2024-10207 - Server-Side Request Forgery (authenticated) in APROL Web Portal

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an authenticated network-based attacker to force the web server to request arbitrary URLs.

πŸ“… Published: March 25, 2025, 4:42 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

6.9

CVSS4.0

CVE-2024-10206 - Server-Side Request Forgery (unauthenticated) in APROL Web Portal

A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.

πŸ“… Published: March 25, 2025, 4:33 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.

6.8

CVSS4.0

CVE-2024-8315 - Improper Handling of Insufficient Permissions or Privileges in B&R APROL

An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.

πŸ“… Published: March 25, 2025, 4:31 a.m. πŸ”„ Last Modified: March 27, 2025, 4:45 p.m.
Total resulsts: 343948
Page 5702 of 34,395
Β« previous page Β» next page
Filters