PatchSiren cyber security CVE debrief
CVE-2024-45482 B&R Industrial Automation CVE debrief
CVE-2024-45482 is a high-severity issue in the SSH server on B&R APROL < 4.4-00P1. According to CISA’s CSAF advisory, an authenticated local attacker from a trusted remote server may be able to execute malicious commands. The issue was publicly disclosed on 2025-03-24 and is not listed as a KEV item in the provided data.
- Vendor: B&R Industrial Automation
- Product: B&R APROL
- CVSS: 7.8 (HIGH)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-24
- Original CVE updated: 2025-03-24
- Advisory published: 2025-03-24
- Advisory updated: 2025-03-24
Who should care
B&R APROL administrators, OT/ICS operators, and defenders managing environments where SSH access is allowed from trusted remote servers. Security teams should prioritize systems running B&R APROL versions earlier than 4.4-00P1, especially where remote administrative access is enabled.
Technical summary
The advisory identifies an Inclusion of Functionality from Untrusted Control Sphere weakness in the SSH server of B&R APROL versions earlier than 4.4-00P1. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a Local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and High impact on confidentiality, integrity, and availability. CISA's source description states that an authenticated local attacker from a trusted remote server may execute malicious commands. Read together with the AV:L rating, that describes an attacker who already holds a low-privileged, authenticated session on a server the APROL host trusts, not an unauthenticated path over the network; the severity comes from what such a session can be escalated into, not from how easy it is to reach. Vendor remediation guidance says to apply the patch or upgrade to a non-vulnerable version and to change secrets and passwords after updating, which implies credentials on an affected system should be treated as potentially exposed.
Defensive priority
High. The vulnerability carries a 7.8 CVSS base score with High impact on confidentiality, integrity, and availability, and it sits in the SSH service of an industrial control product. The vector requires an authenticated, low-privileged attacker and does not describe an unauthenticated network path, but a trusted remote server is a realistic foothold for an intruder in an OT environment, so remediation should be scheduled promptly on all affected B&R APROL installations, starting with those that accept SSH access from such servers.
Recommended defensive actions
- Upgrade B&R APROL to version 4.4-00P1 or later, as recommended by the vendor.
- Apply the vendor patch using the installation process described in the user manual.
- Inventory APROL deployments to identify systems running versions earlier than 4.4-00P1.
- Review SSH access paths from trusted remote servers and limit them to the minimum necessary.
- After updating, change secrets/passwords as recommended by the vendor.
- Use ICS defense-in-depth guidance to reduce the impact of any authenticated remote access path.
- Validate that compensating controls and access logging are in place for OT remote administration.
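The inventory step is where most teams get the version arithmetic wrong, because a patch-level suffix such as P1 does not sort correctly as a plain string. As an added example (not from the advisory or from B&R), the following Python triages a constructed host inventory against the fixed version. It assumes APROL version strings look like "R 4.2-07" or "4.4-00P1" (an optional "R " prefix, major.minor-release, and an optional P<patch> suffix, with a missing suffix meaning patch level 0); that pattern is an assumption, not something the advisory states, so adjust the regex to whatever your deployments actually report. Strings that do not parse are reported as unknown rather than being assumed patched.

```python
"""Triage an APROL host inventory against the fixed version 4.4-00P1.

Assumption (not stated in the advisory): APROL version strings follow
'[R ]<major>.<minor>-<release>[P<patch>]', e.g. 'R 4.2-07' or '4.4-00P1',
and a missing P-suffix means patch level 0."""
import re
from typing import Dict, Iterable, List, Optional, Tuple

FIXED_VERSION = "4.4-00P1"
_VERSION_RE = re.compile(
    r"^\s*(?:R\s*)?(\d+)\.(\d+)-(\d+)(?:P(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, release, patch), or None when the string does not
    match the assumed pattern. Returning None instead of guessing keeps an
    unparseable banner from being silently treated as patched."""
    match = _VERSION_RE.match(text)
    if not match:
        return None
    major, minor, release, patch = match.groups()
    return int(major), int(minor), int(release), int(patch or 0)


def classify(version_text: str) -> str:
    """'vulnerable' if older than the fixed version, 'patched' if equal or
    newer, 'unknown' if the version string could not be parsed."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"
    fixed = parse_version(FIXED_VERSION)
    return "vulnerable" if parsed < fixed else "patched"


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by status; hostnames are sorted so output is stable."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("aprol-eng01", "R 4.2-07"),      # older release line
    ("aprol-rt01", "4.4-00"),         # fixed release line, but no P1 patch
    ("aprol-rt02", "4.4-00P1"),       # exactly the fixed version
    ("aprol-op03", "R 4.4-01"),       # later release than the fix
    ("aprol-lab", "build-unknown"),   # banner that does not parse
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:>10}: {', '.join(hosts) or '-'}")
```

Treat the "unknown" bucket as work, not as noise: a host whose version cannot be read is a host whose patch state you cannot vouch for.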
Evidence notes
All core claims are drawn from the supplied CISA CSAF advisory and vendor references. The vulnerable product scope is B&R APROL < 4.4-00P1. The issue description states that an authenticated local attacker from a trusted remote server may execute malicious commands. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Vendor remediation text recommends patching or upgrading to a non-vulnerable version and changing secrets/passwords after applying the update.
Official resources
- CVE-2024-45482 CVE record (CVE.org)
- CVE-2024-45482 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed on 2025-03-24 via the CISA CSAF advisory ICSA-25-093-05. No KEV listing was provided in the source corpus for this CVE.