CVE-2024-5622

Name of the Vulnerable Software and Affected Versions B&R APROL versions R 4.2.-07P3 and R 4.4-00P3

Description An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL may allow an authenticated local attacker to execute arbitrary code with elevated privileges.

Recommendations For B&R APROL versions R 4.2.-07P3 and R 4.4-00P3, consider restricting access to the AprolConfigureCCServices until a patch is available. As a temporary workaround, consider disabling the execution of arbitrary code in the AprolConfigureCCServices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.