CVE-2024-5622
EUVD-2024-4680329.08.2024, 11:15
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| br-automation | industrial_automation_aprol | 𝑥 ≤ r4.2-07p3 |
| br-automation | industrial_automation_aprol | r4.3-00p3 ≤ 𝑥 ≤ r4.4-00p3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| b_and_r_industrial_automotion | b_and_r_aprol | 𝑥 ≤ R 4.2-07P3 | ADP |
| b_and_r_industrial_automotion | b_and_r_aprol | 𝑥 ≤ R 4.4-00P3 | ADP |
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-426 - Untrusted Search PathThe application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.