SB2025040450 - Multiple vulnerabilities in B&R APROL
Published: April 4, 2025
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Missing Authentication for Critical Function (CVE-ID: CVE-2024-45483)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to missing authentication for a critical function in the GRUB configuration. An attacker with physical access can alter the boot configuration of the operating system.
2) Incorrect permission assignment for critical resource (CVE-ID: CVE-2024-10209)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incorrect permission assignment for a critical resource in the file system. A local user can read and alter the configuration of another engineering or runtime user.
3) Inclusion of Functionality from Untrusted Control Sphere (CVE-ID: CVE-2024-45482)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to inclusion of functionality from an untrusted control sphere in the SSH server. A local user can execute arbitrary commands on the system.
4) Incomplete Filtering of Special Elements (CVE-ID: CVE-2024-45481)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incomplete filtering of special elements in scripts using the SSH server. A local user can authenticate as another legitimate user.
5) Code Injection (CVE-ID: CVE-2024-45480)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the AprolCreateReport component. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-8315)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper handling of insufficient permissions or privileges in scripts. A local user can gain unauthorized access to sensitive information on the system.
7) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-45484)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling in the operating system network configuration. A remote attacker on the local network can cause a denial of service condition on the target system.
8) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2024-8313)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere in the SNMP component. A remote attacker on the local network can read and alter configuration using SNMP.
9) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2024-8314)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an incorrect implementation of the authentication algorithm in the session handling. A remote user can take over a currently active user session without login credentials.
10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-10206)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the APROL Web Portal. A remote attacker can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
11) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-10207)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the APROL Web Portal. A remote user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or to send malicious requests to other servers from the vulnerable system.
12) Cross-site scripting (CVE-ID: CVE-2024-10208)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the APROL Web Portal. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
13) External Control of File Name or Path (CVE-ID: CVE-2024-10210)
The vulnerability allows a remote attacker to read arbitrary files.
The vulnerability exists due to external control of file name or path in the APROL Web Portal. A remote user can access data from the file system.
Remediation
Install the update from the vendor's website.