B&R APROL Missing Authentication for Critical Function Vulnerability Allowing Boot Configuration Alteration
Vulnerability
A vulnerability has been identified in B&R APROL versions prior to 4.4-01, allowing an unauthenticated physical attacker to modify the operating system's boot configuration. This issue arises from missing authentication for critical functions in the GRUB configuration.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in the boot configuration, potentially allowing for privilege escalation or manipulation of the operating system's startup process.
Remediation
Users are advised to upgrade to B&R APROL version 4.4-01 or later. Instructions for installing updates are available in the user manual. After applying the update, it is recommended to change all passwords and secrets, as some vulnerabilities may have compromised credential confidentiality.
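A defensive check related to the issue above, added here as an example and not taken from B&R's advisory or tooling: it reports whether a GRUB 2 `grub.cfg` defines `superusers` backed by a hashed password, which is GRUB's own mechanism for requiring authentication before boot entries can be edited. The sample configurations and finding codes are constructed, and whether APROL 4.4-01 relies on this mechanism is an assumption.

```python
import re
import shlex

# Constructed samples, not taken from an APROL system.
UNPROTECTED = """
menuentry 'Linux' --class os {
    linux /boot/vmlinuz root=/dev/sda2
}
"""
PROTECTED = """
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Linux' --class os --unrestricted {
    linux /boot/vmlinuz root=/dev/sda2
}
"""

def audit_grub_cfg(text):
    """Return finding codes for GRUB 2 authentication gaps in grub.cfg text."""
    superusers, hashed, cleartext = [], set(), set()
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quotes on a script line: skip it
            continue
        if not tok:
            continue
        if tok[0] == "set" and len(tok) > 1 and tok[1].startswith("superusers="):
            # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
            value = tok[1].split("=", 1)[1]
            superusers = [u for u in re.split(r"[ ,;|&]+", value) if u]
        elif tok[0] == "password_pbkdf2" and len(tok) > 2:
            hashed.add(tok[1])
        elif tok[0] == "password" and len(tok) > 2:
            cleartext.add(tok[1])
    findings = []
    if not superusers:
        # Without superusers, anyone at the console can edit entries or open the GRUB shell.
        findings.append("no-superusers")
    for user in superusers:
        if user in hashed:
            continue
        findings.append(("cleartext-password:" if user in cleartext else "no-password:") + user)
    return findings

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_grub_cfg(cfg) or "ok")
```

An empty result means every listed superuser has a `password_pbkdf2` entry; it says nothing about firmware settings or boot-device order, which are outside `grub.cfg`.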
