PatchSiren cyber security CVE debrief
CVE-2024-45481 B&R Industrial Automation CVE debrief
CVE-2024-45481 is a high-severity issue in B&R APROL versions before 4.4-00P5. CISA’s advisory says scripts using the SSH server do not fully filter special elements, which may allow an authenticated local attacker to authenticate as another legitimate user. B&R recommends patching or upgrading to a non-vulnerable version and changing secrets/passwords after applying the update.
- Vendor: B&R Industrial Automation
- Product: B&R APROL
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-24
- Original CVE updated: 2025-03-24
- Advisory published: 2025-03-24
- Advisory updated: 2025-03-24
Who should care
OT/ICS operators, plant administrators, and security teams responsible for B&R APROL systems, especially any environment that allows authenticated local access to hosts running SSH-related scripts.
Technical summary
The advisory describes an incomplete filtering problem in scripts that use the SSH server on B&R APROL <4.4-00P5. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local attack requiring low privileges and no user interaction, with potentially high impact on confidentiality, integrity, and availability. The stated outcome is authentication as another legitimate user, which makes access control and account boundaries the main concern.
Defensive priority
High. Prioritize remediation on any exposed B&R APROL installation before 4.4-00P5, because the issue affects authentication paths and is reachable by an authenticated local actor.
Recommended defensive actions
- Apply the vendor patch or upgrade to a non-vulnerable B&R APROL version at the earliest opportunity.
- Use the user manual to confirm the installed APROL version so affected systems are identified accurately.
- Change all secrets and passwords after applying the update, as recommended by B&R.
- Follow vendor and CISA ICS recommended practices for defense in depth, including limiting local access where possible and reviewing SSH-related administrative pathways.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-093-05, published 2025-03-24 with initial revision 1.0.0 dated the same day. The advisory names B&R APROL <4.4-00P5 as affected and states that incomplete filtering of special elements in scripts using the SSH server may allow an authenticated local attacker to authenticate as another legitimate user. The supplied CVSS score is 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Remediation guidance in the corpus is to patch or upgrade and then change secrets/passwords.
Official resources
- CVE-2024-45481 CVE record (CVE.org)
- CVE-2024-45481 NVD detail (NVD)
- Source item: CISA CSAF advisory (cisa_csaf)
Publicly disclosed by CISA in advisory ICSA-25-093-05 on 2025-03-24 (initial revision 1.0.0).