Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
B&R APROL
- <= R 4.4-00P3
Source
cybersecurity@ch.abb.com
Tags
CVE-2024-5623 details
Published : Aug. 29, 2024, 11:15 a.m.
Last Modified : Aug. 29, 2024, 1:25 p.m.
Last Modified : Aug. 29, 2024, 1:25 p.m.
Description
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
References
| URL | Source |
|---|---|
| https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf | cybersecurity@ch.abb.com |
This website uses the NVD API, but is not approved or certified by it.