B&R APROL

Plan Patch8.8ICS-CERT ICSA-25-093-05Mar 24, 2025

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

B&R APROL contains multiple vulnerabilities (privilege escalation and information disclosure) in versions prior to 4.4-00P1. An unauthenticated attacker on the network can exploit these to gain administrative access or steal credentials and sensitive data. The vulnerabilities span CWE-829, CWE-791, CWE-94, and several others indicating flaws in resource management, code injection, and insufficient access controls. B&R recommends applying patches at the earliest convenience and resetting all passwords post-update due to potential credential exposure.

What this means

What could happen

An attacker on the same network could gain administrative control of APROL systems or steal credentials and sensitive data, potentially allowing them to modify process parameters, shut down operations, or maintain persistent access to the control system.

Who's at risk

Water and wastewater utilities, power generation and distribution, food and beverage processing, and discrete manufacturing that rely on B&R APROL process control and automation systems. This affects the supervisory control layer (SCADA) and process optimization functions running on versions prior to 4.4-00P1.

How it could be exploited

An attacker with network access to an APROL system could exploit one of these privilege escalation or information disclosure vulnerabilities to gain elevated privileges or extract credentials. No authentication is required for exploitation. Successful exploitation could allow the attacker to run commands with administrative rights or access sensitive configuration and credential data.

Prerequisites

Network access to APROL system (adjacent network, not necessarily internet-facing)
No credentials required

remotely exploitable (adjacent network)no authentication requiredlow complexity attackprivilege escalationcredential disclosureaffects process controlCVSS 8.8 (high severity)

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (3)

3 with fix

ProductAffected VersionsFix Status

APROL < 4.4-00P1<4.4-00P1>=4.4-00P1

APROL < 4.4-00P5<4.4-00P5>=4.4-00P1

APROL < 4.4-01<4.4-01>=4.4-00P1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGAfter applying the patch, change all administrative passwords and secrets stored in APROL, as these vulnerabilities may have exposed credentials

HARDENINGIsolate APROL systems from the corporate network behind a firewall; restrict network access to engineering workstations only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXApply B&R APROL firmware patch: upgrade to version 4.4-00P1 or later (4.4-01 for versions 4.4-01 and later)

Long-term hardening

0/1

HARDENINGIf remote access to APROL is necessary, implement VPN access with multi-factor authentication and restrict to specific user accounts

CVEs (13)

CVE-2024-45482 CVE-2024-45481 CVE-2024-45480 CVE-2024-8315 CVE-2024-45484 CVE-2024-45483 CVE-2024-8313 CVE-2024-8314 CVE-2024-10206 CVE-2024-10207 CVE-2024-10208 CVE-2024-10210 CVE-2024-10209

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a8d709df-a40f-45fa-ad95-52ef4a92b309