PatchSiren cyber security CVE debrief
CVE-2024-10209 B&R Industrial Automation GmbH CVE debrief
CVE-2024-10209 is a high-severity Incorrect Permission Assignment for Critical Resource in the file system used by B&R APROL versions below 4.4-01. According to the CISA CSAF advisory published on 2025-03-24, an authenticated local attacker may be able to read and alter the configuration of another engineering or runtime user. B&R recommends patching or upgrading to a non-vulnerable version (4.4-01 or later) as soon as practical, and changing passwords and other secrets after the update if affected credentials may have been exposed.
- Vendor
- B&R Industrial Automation GmbH
- Product
- B&R APROL
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-24
- Original CVE updated
- 2025-03-24
- Advisory published
- 2025-03-24
- Advisory updated
- 2025-03-24
Who should care
OT/ICS administrators, B&R APROL engineers, plant operations teams, and security responders who manage systems where multiple authenticated users share the same APROL environment. Environments with local user access, shared engineering stations, or runtime hosts should prioritize review.
Technical summary
The advisory describes an Incorrect Permission Assignment for Critical Resource in the file system used by B&R APROL versions below 4.4-01. Because configuration belonging to one user is reachable by other local accounts, an authenticated local attacker can read another user's configuration (confidentiality) and modify it (rated as high integrity and availability impact). The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: local access, low attack complexity, low privileges, no user interaction, unchanged scope, and high impact on all three properties.
Defensive priority
High. The vulnerability affects a core OT product and can expose or alter user configuration on affected hosts. Because exploitation requires an authenticated local account, priority is highest on shared or multi-user engineering and runtime systems and anywhere local accounts are not tightly controlled.
Recommended defensive actions
- Apply the vendor patch or upgrade B&R APROL to 4.4-01 or later in the earliest practical maintenance window.
- Record the installed APROL version before remediation and confirm against the vendor documentation that it is 4.4-01 or later afterwards.
- If credentials or secrets may have been exposed through configuration readable by other users, change all relevant passwords and secrets after applying the update, as the vendor recommends.
- Review which local accounts can log on to affected hosts and remove accounts or access that are not required; the flaw is only reachable by an authenticated local user.
- Follow CISA and vendor ICS defense-in-depth guidance for segmentation, least privilege, and secure administration of OT assets.
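The two checks a practitioner would script for the summary and the action list above, as an added example that is not code from the advisory, from CISA or from B&R: a version comparison in the vendor's MAJOR.MINOR-BUILD notation that flags anything older than 4.4-01, and a file-permission audit that lists configuration entries a different local account could read or modify. Everything it assumes is labelled in the comments: that the APROL host is a Linux/POSIX system, that version strings look like "4.4-01" with minor and build numbers below 100, that each user's configuration is expected to be mode 0700/0600, and that the paths shown are placeholders rather than APROL's real locations.

```shell
#!/bin/sh
# Added example for this debrief; not B&R or CISA code. Assumptions:
# the APROL host is a POSIX/Linux system, versions are written as
# "MAJOR.MINOR-BUILD" (e.g. "4.4-01") with MINOR and BUILD below 100,
# and the per-user configuration root is supplied by the operator.

# Strip leading zeros so "01" and "08" are read as decimal, not octal.
dec() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# Map "MAJOR.MINOR-BUILD" to a sortable integer: MAJOR*10000 + MINOR*100 + BUILD.
# A version with no "-BUILD" suffix is treated as build 0 (conservative choice).
aprol_version_key() {
    v="$1"
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) printf 'unrecognised APROL version: %s\n' "$v" >&2; return 1 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%-*}
    case "$rest" in
        *-*) build=${rest#*-} ;;
        *)   build=0 ;;
    esac
    echo $(( $(dec "$major") * 10000 + $(dec "$minor") * 100 + $(dec "$build") ))
}

# Exit 0 if VERSION is older than 4.4-01 (the first non-vulnerable release per
# the advisory), 1 if it is fixed, 2 if the string could not be parsed.
aprol_version_affected() {
    key=$(aprol_version_key "$1") || return 2
    fixed=$(aprol_version_key 4.4-01)
    [ "$key" -lt "$fixed" ]
}

# List everything under ROOT that another local account could reach: any entry
# with a group or world permission bit set. The expectation (an assumption of
# this example) is that each engineering or runtime user's configuration is
# owned by that user with mode 0700/0600; each listed path is a candidate for
# the cross-user read/modify the advisory describes. Octal -perm tests are used
# so the command works with both GNU and BSD find.
aprol_shared_config_audit() {
    root="$1"
    [ -d "$root" ] || { printf 'no such directory: %s\n' "$root" >&2; return 1; }
    find "$root" -mindepth 1 \
        \( -perm -001 -o -perm -002 -o -perm -004 \
           -o -perm -010 -o -perm -020 -o -perm -040 \) -print
}

# Example usage (the version string and path are placeholders, not APROL's
# real version source or configuration location):
#   aprol_version_affected "4.2-07" && echo "affected: upgrade to 4.4-01 or later"
#   aprol_shared_config_audit /path/to/aprol/user-configs
```

Run the audit on engineering and runtime hosts both before and after patching: anything it lists is a configuration entry the advisory's authenticated local attacker could already have read or changed, so fix ownership and mode and rotate any secret it contains rather than relying on the upgrade alone.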
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory (ICSA-25-093-05) and the vendor/CISA references listed in the corpus. The advisory dates supplied are 2025-03-24 for publication and modification. The affected product is identified as B&R APROL <4.4-01, and the remediation guidance in the corpus explicitly recommends patching/upgrading and changing secrets/passwords after update where confidentiality may be impacted.
Official resources
- CVE-2024-10209 CVE record (CVE.org)
- CVE-2024-10209 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-25-093-05 (cisa_csaf)
- Vendor and CISA source references (7 entries; link targets not reproduced in this debrief)
Published in the supplied CISA advisory on 2025-03-24 (ICSA-25-093-05). No KEV listing is present in the supplied corpus.