PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-45484 B&R Industrial Automation GmbH CVE debrief

CVE-2024-45484 affects B&R APROL versions earlier than 4.4-00P5. According to the CISA CSAF advisory, an allocation-of-resources-without-limits-or-throttling issue in the operating system network configuration may allow an unauthenticated adjacent attacker to cause denial-of-service conditions. The advisory rates the issue CVSS 7.6 (HIGH). B&R recommends applying the patch or upgrading to a non-vulnerable version, and the advisory also notes that some vulnerabilities can affect credentials, so password or secret rotation should be considered after updating.

Vendor: B&R Industrial Automation GmbH
Product: B&R APROL
CVSS: HIGH 7.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-24
Original CVE updated: 2025-03-24
Advisory published: 2025-03-24
Advisory updated: 2025-03-24

Who should care

OT/ICS operators, plant engineers, and security teams running B&R APROL <4.4-00P5, especially where adjacent-network access is possible. Patch management and network-segmentation owners should also pay attention.

Technical summary

The advisory describes a resource-exhaustion condition in the operating system network configuration used by B&R APROL <4.4-00P5. The attack prerequisites are relatively low for an OT adjacency scenario: no authentication is required, and the attacker must be adjacent on the network. The primary impact is availability, with the advisory describing denial-of-service attacks against the product. The provided CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:F/RL:O/RC:C.

Defensive priority

High

Recommended defensive actions

  • Inventory B&R APROL deployments and confirm whether any instance is running a version earlier than 4.4-00P5.
  • Apply the vendor patch or upgrade to a non-vulnerable version at the earliest practical maintenance window.
  • Use the vendor user manual to verify the installed version and follow the documented update procedure.
  • After applying the update, review whether passwords or other secrets should be rotated, per the vendor advisory note.
  • Reduce adjacent-network exposure where possible and follow CISA ICS recommended practices for segmentation and defensive hardening.
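The first two actions above hinge on comparing each installed APROL version against the 4.4-00P5 threshold, which a plain string comparison gets wrong (for example, "4.4-00P10" sorts before "4.4-00P5" lexically). The following is an added example, not a B&R or CISA tool: it parses version strings of the shape shown in the advisory, compares them numerically, and triages a constructed inventory into affected, unaffected and unparseable hosts. The interpretation of the version format as <major>.<minor>-<build>P<patch>, with the P<patch> suffix optional, is an assumption made for this example; the host names and versions in the sample inventory are constructed.

```python
import re
from dataclasses import dataclass

# Assumed layout of APROL version strings such as "4.4-00P5":
# <major>.<minor>-<build>P<patch>; the "P<patch>" suffix is treated as optional.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)(?:P(\d+))?$")

# Threshold from the advisory: versions earlier than this are affected.
FIXED_VERSION = "4.4-00P5"


def parse_version(text):
    """Return a comparable (major, minor, build, patch) tuple, or raise ValueError."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised APROL version string: {text!r}")
    major, minor, build, patch = m.groups()
    return (int(major), int(minor), int(build), int(patch or 0))


def is_affected(version, fixed=FIXED_VERSION):
    """True when `version` is strictly earlier than the fixed version."""
    return parse_version(version) < parse_version(fixed)


@dataclass
class AprolHost:
    name: str
    version: str


def triage(inventory):
    """Split an inventory into (affected, not_affected, unparseable) lists.

    Hosts whose version string cannot be parsed are reported separately rather
    than silently treated as safe, so they get a manual check."""
    affected, clean, unknown = [], [], []
    for host in inventory:
        try:
            (affected if is_affected(host.version) else clean).append(host)
        except ValueError:
            unknown.append(host)
    return affected, clean, unknown


# Constructed sample inventory for the example; not real hosts.
SAMPLE_INVENTORY = [
    AprolHost("aprol-runtime-01", "4.4-00P4"),
    AprolHost("aprol-runtime-02", "4.4-00P5"),
    AprolHost("aprol-eng-01", "4.3-02P9"),
    AprolHost("aprol-runtime-03", "4.4-00P10"),
    AprolHost("aprol-lab", "unknown"),
]

if __name__ == "__main__":
    affected, clean, unknown = triage(SAMPLE_INVENTORY)
    for label, hosts in (("AFFECTED", affected), ("OK", clean), ("CHECK MANUALLY", unknown)):
        for h in hosts:
            print(f"{label:15} {h.name:20} {h.version}")
```

Feed `triage()` the output of whatever asset inventory the site keeps (a CMDB export, a spreadsheet, the version reported per the vendor manual) and treat the "unparseable" bucket as work, not noise: a host whose version cannot be read is exactly the one most likely to have been missed by patching.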

Evidence notes

The supplied corpus ties this CVE to CISA CSAF advisory ICSA-25-093-05, published and modified on 2025-03-24. The advisory identifies B&R APROL <4.4-00P5 as affected, describes the issue as an allocation-of-resources-without-limits-or-throttling weakness in the operating system network configuration, and states that an unauthenticated adjacent attacker may cause denial of service. Vendor remediation in the advisory is to patch or upgrade to a non-vulnerable version, with additional guidance to change secrets/passwords after updating. No KEV entry was provided in the source data.

Official resources

Publicly disclosed in the supplied source corpus via CISA on 2025-03-24 (ICSA-25-093-05). The supplied data does not show a CISA KEV listing.