Skip to main content

B&R APROL CVE-2026-6901

| EUVDEUVD-2026-41870 HIGH
Untrusted Search Path (CWE-426)
2026-07-06 ABB GHSA-65g5-qf5m-jpxh
8.4
CVSS 4.0 · Vendor: ABB
Share

Severity by source

Vendor (ABB) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.1 HIGH

Untrusted search path needs local access and an existing low-privileged account (AV:L/PR:L), triggers automatically without interaction (AC:L/UI:N), and yields high confidentiality and integrity but no availability impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (ABB).

CVSS VectorVendor: ABB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Jul 06, 2026 - 11:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 11:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 06, 2026 - 11:22 vuln.today
cvss_changed
CVSS changed
Jul 06, 2026 - 11:22 NVD
7.7 (HIGH) 8.4 (HIGH)
Analysis Generated
Jul 06, 2026 - 10:51 vuln.today

DescriptionCVE.org

Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.

This issue affects APROL: before R 4.4-01P5.

AnalysisAI

Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local account on APROL host
Delivery
Plant malicious binary in search path directory
Exploit
Privileged APROL process loads attacker component
Execution
Code executes with elevated privileges
Impact
Disclose sensitive data and tamper with control config

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to an APROL host running a version before R 4.4-01P5 and an existing low-privileged account (CVSS PR:L), with no user interaction needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N) tells a consistent story: exploitation requires local access and existing low-level privileges, but no user interaction and low attack complexity, producing high confidentiality and integrity impact with no availability impact - hence the 8.4 High score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privileged local account on an APROL operator or engineering station (or who has already gained a foothold on that host) places a malicious executable or shared library in a directory that appears in the application's search path. When a higher-privileged APROL process next resolves and loads that component by name, the attacker's code runs with the elevated process's privileges, exposing sensitive process/configuration data and allowing tampering. …
Remediation Upgrade APROL to Vendor-released patch: R 4.4-01P5 or later, which is the first release that resolves the untrusted search path issue per B&R/ABB advisory SA26P011 (https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P011-661853b7.pdf). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all APROL installations to identify versions prior to R 4.4-01P5; map local user access patterns and document which stations are critical to operations; restrict unnecessary local user accounts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-6901 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy