Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
B&R APROL
- <= R 4.2.-07P3
- <= R 4.4-00P3
Source
cybersecurity@ch.abb.com
Tags
CVE-2024-5622 details
Published : Aug. 29, 2024, 11:15 a.m.
Last Modified : Aug. 29, 2024, 1:25 p.m.
Last Modified : Aug. 29, 2024, 1:25 p.m.
Description
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
References
| URL | Source |
|---|---|
| https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf | cybersecurity@ch.abb.com |
This website uses the NVD API, but is not approved or certified by it.