CVE-2024-45480
CVE-2024-45480
9.2
CriticalPublished:
Last updated:
Source:cybersecurity@ch.abb.com
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- None
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
An improper control of generation of code ('Code Injection') vulnerability in the AprolCreateReport component of B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system.
References
cybersecurity@ch.abb.com
https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf