CVE-2019-19875

Name of the Vulnerable Software and Affected Versions B&R Industrial Automation APROL versions prior to R4.2 V7.08

Description An issue was discovered that allows arbitrary commands to be injected using Python scripts via the AprolCluster script. This script is invoked via sudo, thus executing with root privileges.

Recommendations For versions prior to R4.2 V7.08, update to version R4.2 V7.08 or later to resolve the issue. As a temporary workaround, consider restricting the execution of the AprolCluster script to minimize the risk of exploitation.