B&R APROL Web Portal Improper Input Neutralization Vulnerability Allowing Code Injection
Vulnerability
An improper neutralization of input during web page generation vulnerability has been identified in the APROL Web Portal, affecting B&R APROL versions prior to 4.4-00P5. It may allow an authenticated network-based attacker to inject malicious code that is executed within the context of the user's browser session.
Impact
Exploitation of this vulnerability could lead to code injection, allowing the injected code to be executed in the context of the user's browser session.
Remediation
Users are advised to upgrade to B&R APROL version 4.4-01 or version 4.4-00P5 or later. After applying the update, it is recommended to change all passwords and secrets, as some vulnerabilities may have compromised credential confidentiality.
