These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2024-8314 affects B&R APROL versions earlier than 4.4-00P5 and is described as an authentication/session-handling issue that may let an authenticated network attacker take over a currently active user session without login credentials. CISA published the advisory on 2025-03-24 and the vendor recommends applying the update or upgrading to a non-vulnerable version as soon as practical.
CVE-2024-8313 affects the SNMP component in B&R APROL <4.4-00P5. According to the CISA advisory published on 2025-03-24, an unauthenticated attacker on an adjacent network may be able to read and alter configuration data through SNMP. B&R recommends applying the patch or upgrading to a non-vulnerable version, and changing secrets/passwords after updating.
CVE-2024-45484 affects B&R APROL versions earlier than 4.4-00P5. According to the CISA CSAF advisory, an allocation-of-resources-without-limits-or-throttling issue in the operating system network configuration may allow an unauthenticated adjacent attacker to cause denial-of-service conditions. The advisory rates the issue CVSS 7.6 (HIGH). B&R recommends applying the patch or upgrading to a non-vulnerable [truncated]
CVE-2024-45483 is a medium-severity issue in B&R APROL <4.4-01 where the GRUB configuration can be altered by an unauthenticated attacker with physical access. In practical terms, this is a boot-chain integrity problem: if an attacker can reach the device locally, they may change how the operating system boots. B&R and CISA both published guidance on 2025-03-24, and B&R recommends applying the patch or up [truncated]
CVE-2024-10210 is a high-severity vulnerability in the APROL Web Portal used by B&R APROL versions before 4.4-00P5. According to the CISA advisory, an authenticated network-based attacker may be able to access data from the file system. B&R recommends applying the patch or upgrading to a non-vulnerable version and changing secrets/passwords after remediation.
CVE-2024-10209 is a high-severity local privilege/permission issue in the file system used by B&R APROL <4.4-01. According to the CISA CSAF advisory published on 2025-03-24, an authenticated local attacker may be able to read and alter the configuration of another engineering or runtime user. B&R recommends patching or upgrading to a non-vulnerable version as soon as practical, and changing secrets/passwo [truncated]
CVE-2024-10208 is a medium-severity web portal input-handling issue affecting B&R APROL <4.4-00P5. According to the CISA CSAF advisory, an authenticated network-based attacker could insert malicious code that is then executed in the context of the victim’s browser session.
CVE-2024-10207 is a medium-severity server-side request forgery issue in the APROL Web Portal for B&R APROL versions before 4.4-00P5. The advisory says an authenticated, network-based attacker can force the web server to request arbitrary URLs. CISA published the advisory on 2025-03-24, and B&R recommends patching or upgrading to a non-vulnerable version as soon as practical.
CVE-2024-10206 is a server-side request forgery (SSRF) issue in the APROL Web Portal used by B&R APROL versions before 4.4-00P5. According to the CISA CSAF advisory, an unauthenticated network-based attacker may be able to make the web server request arbitrary URLs. The supplied advisory rates the issue as medium severity with a confidentiality impact, and B&R recommends patching or upgrading to a non-vul [truncated]