CVE-2024-5622
29.08.2024, 11:15
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
Vendor | Product | Version |
---|---|---|
br-automation | industrial_automation_aprol | 𝑥 ≤ r4.2-07p3 |
br-automation | industrial_automation_aprol | r4.3-00p3 ≤ 𝑥 ≤ r4.4-00p3 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary Privileges: The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-426 - Untrusted Search Path: The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.