SB2025040450 - Multiple vulnerabilities in B&R APROL
Published: April 4, 2025
Description
This security bulletin contains information about 13 vulnerabilities.
1) Missing Authentication for Critical Function (CVE-ID: CVE-2024-45483)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to missing authentication for a critical function in the GRUB configuration. An attacker with physical access can alter the boot configuration of the operating system.
2) Incorrect permission assignment for critical resource (CVE-ID: CVE-2024-10209)
CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incorrect permission assignment for a critical resource in the file system. A local user can read and alter the configuration of another engineering or runtime user.
3) Inclusion of Functionality from Untrusted Control Sphere (CVE-ID: CVE-2024-45482)
CWE-ID: CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to inclusion of functionality from an untrusted control sphere in the SSH server. A local user can execute arbitrary commands on the system.
4) Incomplete Filtering of Special Elements (CVE-ID: CVE-2024-45481)
CWE-ID: CWE-791 - Incomplete Filtering of Special Elements
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incomplete filtering of special elements in scripts using the SSH server. A local user can authenticate as another legitimate user.
5) Code Injection (CVE-ID: CVE-2024-45480)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the AprolCreateReport component. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-8315)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of insufficient permissions or privileges in scripts. A local user can gain unauthorized access to sensitive information on the system.
7) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-45484)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling in the operating system network configuration. A remote attacker on the local network can cause a denial of service condition on the target system.
8) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2024-8313)
CWE-ID: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere in the SNMP component. A remote attacker on the local network can read and alter configuration using SNMP.
9) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2024-8314)
CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an incorrect implementation of the authentication algorithm in session handling. A remote user can take over a currently active user session without login credentials.
10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-10206)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the APROL Web Portal. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
11) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-10207)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the APROL Web Portal. A remote user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
12) Cross-site scripting (CVE-ID: CVE-2024-10208)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the APROL Web Portal. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
13) External Control of File Name or Path (CVE-ID: CVE-2024-10210)
CWE-ID: CWE-73 - External Control of File Name or Path
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to read arbitrary files.
The vulnerability exists due to external control of file name or path in the APROL Web Portal. A remote user can access data from the file system.
Remediation
Install the update from the vendor's website.