Vulnerabilities > BR Automation > Industrial Automation Aprol > r4.2.07

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-5622 Untrusted Search Path vulnerability in Br-Automation Industrial Automation Aprol
An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated privileges.
local
low complexity
br-automation CWE-426
7.8
7.8
2024-08-29 CVE-2024-5623 Untrusted Search Path vulnerability in Br-Automation Industrial Automation Aprol
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
local
low complexity
br-automation CWE-426
7.8
7.8
2024-08-29 CVE-2024-5624 Cross-site Scripting vulnerability in Br-Automation Industrial Automation Aprol
Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session
network
low complexity
br-automation CWE-79
6.1
6.1