CVE-2024-8315— Improper Handling of Insufficient Permissions or Privileges in B&R APROL
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-8315
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Handling of Insufficient Permissions or Privileges in B&R APROL
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分权限或特权的处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
B&R Industrial Automation B&R APROL 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
B&R Industrial Automation B&R APROL是奥地利贝加莱工业自动化(B&R Industrial Automation)公司的一个过程控制系统。 B&R Industrial Automation B&R APROL 4.4-00P5之前版本存在安全漏洞,该漏洞源于脚本处理权限不足,可能导致经过身份验证的本地攻击者读取凭据信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| B&R Industrial Automation | B&R APROL | R4.4 ~ 4.4-00P5 | - |
II. Public POCs for CVE-2024-8315
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-8315
请登录查看更多情报信息。
Same Patch Batch · B&R Industrial Automation · 2025-03-25 · 4 CVEs total
| CVE-2024-45480 | Unauthorized local file reading in B&R APROL | |
| CVE-2024-45482 | Privilege escalation in B&R APROL | |
| CVE-2024-45481 | Improper authentication in SSH of B&R APROL |
IV. Related Vulnerabilities
Same product: B&R APROL
Same vendor: B&R Industrial Automation
Same weakness: CWE-280
- CVE-2026-6805
Vulnerability on Cryptobox external sharing feature - CVE-2026-20448
MediaTek Chipsets 安全漏洞 - CVE-2026-27910
Windows Installer Elevation of Privilege Vulnerability - CVE-2026-24096
Insufficient permission validation on multiple REST API Quic - CVE-2026-2123
Privilege escalation vulnerability in Operations Agent
V. Comments for CVE-2024-8315
No comments yet