APROL
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43764 | Cri | 0.64 | 9.8 | 0.01 | Feb 8, 2023 | Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. | ||
| CVE-2019-19876 | Cri | 0.64 | 9.8 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | ||
| CVE-2019-19875 | Cri | 0.64 | 9.8 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. | ||
| CVE-2019-19874 | Cri | 0.64 | 9.8 | 0.02 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. | ||
| CVE-2019-19872 | Cri | 0.64 | 9.8 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364. | ||
| CVE-2022-43761 | Cri | 0.61 | 9.4 | 0.01 | Feb 8, 2023 | Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | ||
| CVE-2024-45480 | Cri | 0.60 | — | 0.00 | Mar 25, 2025 | An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system. | ||
| CVE-2024-8313 | Hig | 0.57 | — | 0.00 | Mar 25, 2025 | An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration… | ||
| CVE-2024-45482 | Hig | 0.55 | — | 0.00 | Mar 25, 2025 | An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands. | ||
| CVE-2024-45481 | Hig | 0.55 | — | 0.00 | Mar 25, 2025 | An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user. | ||
| CVE-2024-10209 | Hig | 0.55 | — | 0.00 | Mar 25, 2025 | An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | ||
| CVE-2024-5623 | Hig | 0.51 | 7.8 | 0.00 | Aug 29, 2024 | An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. | ||
| CVE-2024-5622 | Hig | 0.51 | 7.8 | 0.00 | Aug 29, 2024 | An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. | ||
| CVE-2022-43765 | Hig | 0.49 | 7.5 | 0.01 | Feb 8, 2023 | B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. | ||
| CVE-2022-43763 | Hig | 0.49 | 7.5 | 0.01 | Feb 8, 2023 | Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | ||
| CVE-2022-43762 | Hig | 0.49 | 7.5 | 0.01 | Feb 8, 2023 | Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages | ||
| CVE-2019-19878 | Hig | 0.49 | 7.5 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. | ||
| CVE-2019-19873 | Hig | 0.49 | 7.5 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983. | ||
| CVE-2019-19869 | Hig | 0.49 | 7.5 | 0.01 | Nov 27, 2020 | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | ||
| CVE-2024-45484 | Hig | 0.47 | — | 0.00 | Mar 25, 2025 | An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-form Denial-of-Service (DoS) attacks against the product. |
- risk 0.64cvss 9.8epss 0.01
Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364.
- risk 0.61cvss 9.4epss 0.01
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
- risk 0.60cvss —epss 0.00
An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system.
- risk 0.57cvss —epss 0.00
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration…
- risk 0.55cvss —epss 0.00
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL <4.4-00P1 may allow an authenticated local attacker from a trusted remote server to execute malicious commands.
- risk 0.55cvss —epss 0.00
An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may allow an authenticated local attacker to authenticate as another legitimate user.
- risk 0.55cvss —epss 0.00
An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user.
- risk 0.51cvss 7.8epss 0.00
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
- risk 0.51cvss 7.8epss 0.00
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
- risk 0.49cvss 7.5epss 0.01
B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service.
- risk 0.49cvss 7.5epss 0.01
Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07.
- risk 0.49cvss 7.5epss 0.01
Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface.
- risk 0.47cvss —epss 0.00
An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 may allow an unauthenticated adjacent attacker to per-form Denial-of-Service (DoS) attacks against the product.
Page 1 of 2