CVE-2024-5623 MEDIUM

CVE-2024-5623: Untrusted search path vulnerability in B&R APROL

Vendor B&R Industrial Automation
Product B&R APROL
Weakness CWE-250
Published August 29, 2024
Last update August 29, 2024

CVSS base score

5.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.

Key dates

02Disclosure timeline

August 29, 2024 CVE published
August 29, 2024 Record updated