Br-automation Industrial Automation Aprol — known CVE vulnerabilities
Every CVE whose affected-product data names Br-automation Industrial Automation Aprol, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2019-19872 — CVSS 9.8 (critical): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary…
CVE-2019-19874 — CVSS 9.8 (critical): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and…
CVE-2019-19875 — CVSS 9.8 (critical): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts)…
CVE-2022-43764 — CVSS 9.8 (critical): Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in…
CVE-2019-19876 — CVSS 9.8 (critical): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a…
CVE-2022-43761 — CVSS 9.4 (critical): Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system…
CVE-2024-5622 — CVSS 7.8 (high): An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an…
CVE-2024-5623 — CVSS 7.8 (high): An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to…
CVE-2019-19869 — CVSS 7.5 (high): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp…
CVE-2019-19873 — CVSS 7.5 (high): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS…
CVE-2019-19878 — CVSS 7.5 (high): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from…
CVE-2022-43762 — CVSS 7.5 (high): Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages
CVE-2022-43763 — CVSS 7.5 (high): Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL…
CVE-2022-43765 — CVSS 7.5 (high): B&R APROL versions < R 4.2-07 doesn’t process correctly specially formatted data packages sent to port 55502/tcp, which may allow a…
CVE-2024-5624 — CVSS 6.1 (medium): Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute…
CVE-2019-19877 — CVSS 5.3 (medium): An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside…