VYPR

APROL

by B&R Industrial Automation

CVEs (26)

  • CVE-2024-45483HigMar 25, 2025
    risk 0.46cvss epss 0.00

    A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL <4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system.

  • CVE-2024-10206MedMar 25, 2025
    risk 0.45cvss epss 0.00

    A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.

  • CVE-2024-8315MedMar 25, 2025
    risk 0.44cvss epss 0.00

    An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.

  • CVE-2024-5624MedAug 29, 2024
    risk 0.40cvss 6.1epss 0.00

    Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session

  • CVE-2024-8314MedMar 25, 2025
    risk 0.36cvss epss 0.00

    An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated network attacker to take over a currently active user session without login…

  • CVE-2019-19877MedNov 27, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.

Page 2 of 2