PatchSiren cyber security CVE debrief
CVE-2024-10206 B&R Industrial Automation GmbH CVE debrief
CVE-2024-10206 is a server-side request forgery (SSRF) issue in the APROL Web Portal used by B&R APROL versions before 4.4-00P5. According to the CISA CSAF advisory, an unauthenticated network-based attacker may be able to make the web server request arbitrary URLs. The supplied advisory rates the issue as medium severity with a confidentiality impact, and B&R recommends patching or upgrading to a non-vulnerable version as soon as practical.
- Vendor: B&R Industrial Automation GmbH
- Product: B&R APROL
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-24
- Original CVE updated: 2025-03-24
- Advisory published: 2025-03-24
- Advisory updated: 2025-03-24
Who should care
Operators and administrators of B&R APROL deployments, especially environments where the APROL Web Portal is reachable from less-trusted networks. OT/ICS security teams and defenders responsible for patching, access control, and exposure review should treat this as relevant even though the CVSS score is medium.
Technical summary
The advisory describes an SSRF condition in the APROL Web Portal in B&R APROL <4.4-00P5. The reported attack vector is network-based and unauthenticated, with low attack complexity and no user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The primary impact identified in the supplied data is limited confidentiality impact. Remediation guidance in the advisory is to apply the patch or upgrade to a non-vulnerable version, and to change secrets/passwords after updating because some listed vulnerabilities may affect credentials.
Defensive priority
Medium priority. Remediate any exposed or broadly reachable APROL Web Portal instance promptly, with highest attention on systems accessible from untrusted networks or integrated into sensitive OT environments.
Recommended defensive actions
- Upgrade B&R APROL to version 4.4-00P5 or later, or apply the vendor patch if that is the supported remediation path.
- Confirm whether any deployed APROL Web Portal instances are running a vulnerable version before and after maintenance.
- Review network exposure for the APROL Web Portal and restrict access to trusted management networks where possible.
- Apply the vendor's post-update guidance and change relevant secrets/passwords after updating.
- Validate that the installed product version matches the vendor's documented remediation state and retain evidence of patch completion.
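To support the version check in the actions above, here is an added example (not code from B&R, CISA or the advisory) that parses APROL version strings and triages a constructed host inventory against the 4.4-00P5 fix; the `<major>.<minor>-<release>P<patch>` layout of the version string is an assumption for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed version taken from the advisory: B&R APROL < 4.4-00P5 is affected.
FIXED_VERSION = "4.4-00P5"

# Assumed layout of an APROL version string, "<major>.<minor>-<release>P<patch>"
# (e.g. "4.4-00P5"); the "P<patch>" suffix is treated as optional (patch 0 when
# absent). This layout is an assumption for the example, not stated by the advisory.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)(?:P(\d+))?$")

def parse_aprol_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, release, patch) or None if the string is not recognised."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        return None
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))

def is_vulnerable(version: str) -> Optional[bool]:
    """True if version < 4.4-00P5, False if at or above it, None if unparseable."""
    parsed = parse_aprol_version(version)
    if parsed is None:
        return None
    return parsed < parse_aprol_version(FIXED_VERSION)

def triage_inventory(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort {host: reported version} into vulnerable / fixed / unknown buckets."""
    # 'unknown' hosts need manual review: an unparseable string is never assumed patched.
    buckets: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_vulnerable(version)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "fixed")
        buckets[key].append(host)
    return buckets

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "aprol-portal-01": "4.4-00P4",   # below the fix: vulnerable
    "aprol-portal-02": "4.4-00P5",   # exactly the fixed version
    "aprol-eng-01": "4.3-00P9",      # older branch: vulnerable
    "aprol-test-01": "4.4-01",       # newer release, no patch suffix (assumed P0)
    "aprol-legacy": "unknown",       # cannot be parsed: flag for manual review
}

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the version strings reported by your own asset inventory; anything landing in the unknown bucket should be checked by hand rather than assumed remediated.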
Evidence notes
The supplied CISA CSAF source for ICSA-25-093-05 states: affected product is 'B&R APROL < 4.4-00P5'; vulnerability description is 'A Server-Side Request Forgery vulnerability in the APROL Web Portal used in B&R APROL <4.4-00P5 may allow an unauthenticated network-based attacker to force the web server to request arbitrary URLs.' The same source includes CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N and remediation text recommending patching or upgrading to a non-vulnerable version, with a post-update recommendation to change secrets/passwords. The record also links official CISA and vendor references, but the supplied corpus does not include their full contents.
Official resources
- CVE-2024-10206 CVE record (CVE.org)
- CVE-2024-10206 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory for CVE-2024-10206 as ICSA-25-093-05 on 2025-03-24, and the supplied record shows the same date for initial publication and revision 1.0.0. No Known Exploited Vulnerabilities (KEV) listing is present in the user-