Skip to main content

B&R APROL CVE-2026-6900

| EUVDEUVD-2026-41868 CRITICAL
Improper Certificate Validation (CWE-295)
2026-07-06 ABB GHSA-4q88-82vm-7283
9.1
CVSS 4.0 · Vendor: ABB
Share

Severity by source

Vendor (ABB) PRIMARY
9.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.4 HIGH

Network vector but MITM prerequisite makes AC:H; no auth or interaction (PR:N/UI:N); high confidentiality and integrity from intercept/tamper, no availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ABB).

CVSS VectorVendor: ABB

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Jul 06, 2026 - 11:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 11:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 06, 2026 - 11:22 vuln.today
cvss_changed
Severity Changed
Jul 06, 2026 - 11:22 NVD
HIGH CRITICAL
CVSS changed
Jul 06, 2026 - 11:22 NVD
7.4 (HIGH) 9.1 (CRITICAL)
Analysis Generated
Jul 06, 2026 - 10:52 vuln.today

DescriptionCVE.org

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL.

This issue affects APROL: before R 4.4-01P5.

AnalysisAI

Improper TLS certificate validation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) lets a network-positioned attacker intercept and tamper with supposedly encrypted communications. Because APROL fails to properly verify certificates (CWE-295), an adversary able to sit between components can decrypt sensitive process data and inject manipulated messages. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain foothold on OT network
Delivery
Establish MITM between APROL components
Exploit
Present forged TLS certificate
Execution
APROL accepts invalid cert
Persist
Decrypt and tamper with process traffic
Impact
Disclose data and inject commands

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to hold a man-in-the-middle network position between APROL components (reflected by CVSS 4.0 AT:P, Attack Requirements Present) - for example via ARP/DNS spoofing, a rogue device, or a compromised host on the same control network segment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N) scores 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained a foothold on the plant/control network (for example a compromised engineering workstation or a rogue device on the OT LAN) positions themselves between two APROL components and presents a self-signed or forged certificate. Because APROL does not properly validate it, the TLS session is established against the attacker, who then reads confidential process and configuration data and injects altered commands or telemetry. …
Remediation Vendor-released patch: upgrade APROL to R 4.4-01P5 or later, which corrects the certificate validation, as documented in B&R advisory SA26P011 (https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P011-661853b7.pdf). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all APROL deployments and assess network positioning relative to untrusted networks or remote access points. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6900 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy