B&R APROL Session Handling Vulnerability Allowing User Session Takeover

Vulnerability

A vulnerability exists in B&R APROL versions prior to 4.4-00P5, related to an incorrect implementation of the authentication algorithm and improper session handling. This flaw may enable an authenticated network attacker to hijack an active user session without needing login credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized takeover of user sessions, allowing attackers to impersonate users and potentially access sensitive information or perform actions on behalf of the user.

Remediation

Users are advised to upgrade to B&R APROL version 4.4-01 or, for versions 4.4-00, to upgrade to 4.4-00P1 or later. After applying the update, it is recommended to change all passwords or secrets, as some vulnerabilities may have compromised credential confidentiality.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.3
impact          5.0
exploitability  4.9
remediation     7.7
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.