Primary

Context

B&R APROL SSH Server Vulnerability Allowing Local Command Execution

Vulnerability

Patched

A vulnerability has been identified in the SSH server of B&R APROL versions prior to 4.4-00P1. This vulnerability allows an authenticated local attacker from a trusted remote server to execute malicious commands, due to an inclusion of functionality from an untrusted control sphere.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected system.

Remediation

Users are advised to upgrade to B&R APROL version 4.4-01 or version 4.4-00P5. After applying the update, it is recommended to change all passwords and secrets, as some vulnerabilities could have compromised credential confidentiality.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

B&R APROL SSH Server Vulnerability Allowing Local Command Execution

Vulnerability

Impact

Remediation

Affected Products

B&R APROL

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating