#VU106991 Missing Authentication for Critical Function in APROL - CVE-2024-45483
Published: April 4, 2025
Vulnerability identifier: #VU106991
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-45483
CWE-ID: CWE-306
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APROL
APROL
Software vendor:
B&R Industrial Automation GmbH
B&R Industrial Automation GmbH
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to missing authentication for critical function in the GRUB configuration. An attacker with physical access can alter the boot configuration of the operating system.
Remediation
Install updates from vendor's website.