CVE-2024-5623
EUVD-2024-4680429.08.2024, 11:15
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| br-automation | industrial_automation_aprol | 𝑥 ≤ r4.4-00p3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| br-automation | industrial_automation_aprol | 𝑥 ≤ r4.4-00p3 | ADP |
Common Weakness Enumeration
- CWE-250 - Execution with Unnecessary PrivilegesThe software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
- CWE-426 - Untrusted Search PathThe application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.