Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Untrusted search path needs local access and an existing low-privileged account (AV:L/PR:L), triggers automatically without interaction (AC:L/UI:N), and yields high confidentiality and integrity but no availability impact.
Primary rating from Vendor (ABB).
CVSS VectorVendor: ABB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.
This issue affects APROL: before R 4.4-01P5.
AnalysisAI
Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local access to an APROL host running a version before R 4.4-01P5 and an existing low-privileged account (CVSS PR:L), with no user interaction needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N) tells a consistent story: exploitation requires local access and existing low-level privileges, but no user interaction and low attack complexity, producing high confidentiality and integrity impact with no availability impact - hence the 8.4 High score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged local account on an APROL operator or engineering station (or who has already gained a foothold on that host) places a malicious executable or shared library in a directory that appears in the application's search path. When a higher-privileged APROL process next resolves and loads that component by name, the attacker's code runs with the elevated process's privileges, exposing sensitive process/configuration data and allowing tampering. … |
| Remediation | Upgrade APROL to Vendor-released patch: R 4.4-01P5 or later, which is the first release that resolves the untrusted search path issue per B&R/ABB advisory SA26P011 (https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P011-661853b7.pdf). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all APROL installations to identify versions prior to R 4.4-01P5; map local user access patterns and document which stations are critical to operations; restrict unnecessary local user accounts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-426 – Untrusted Search Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41870
GHSA-65g5-qf5m-jpxh