
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Aug 2024 — Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Aug 2024 — An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges • CWE-267: Privilege Defined With Unsafe Actions •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Aug 2024 — An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges. • https://www.br-automation.com/fileadmin/SA24P2014_Multiple_vulnerabilities_in_BR_APROL.pdf-367290ae.pdf • CWE-250: Execution with Unnecessary Privileges • CWE-267: Privilege Defined With Unsafe Actions •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-252: Unchecked Return Value •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-252: Unchecked Return Value •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. • https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf • CWE-306: Missing Authentication for Critical Function •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2020 — An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2020 — An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. • https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •