CVE-2024-8313

Summary

An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.

Affected Software

VendorProductVersion RangeStatus
B&R Industrial Automation GmbHAPROL4.4 < 4.4-00P5affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information
  • CWE-1188: CWE-1188 Insecure Default Initialization of Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References