Missing Authentication for Critical Function in APROL - CVE-2024-45483
Published: April 4, 2025
Vulnerability identifier: #VU106991
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-45483
CWE-ID: CWE-306
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: B&R Industrial Automation GmbH
Affected software:
APROL
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to missing authentication for a critical function in the GRUB configuration. An attacker with physical access can alter the boot configuration of the operating system.
How to mitigate CVE-2024-45483
Install updates from the vendor's website.