Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network vector but MITM prerequisite makes AC:H; no auth or interaction (PR:N/UI:N); high confidentiality and integrity from intercept/tamper, no availability impact.
Primary rating from Vendor (ABB).
CVSS VectorVendor: ABB
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL.
This issue affects APROL: before R 4.4-01P5.
AnalysisAI
Improper TLS certificate validation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) lets a network-positioned attacker intercept and tamper with supposedly encrypted communications. Because APROL fails to properly verify certificates (CWE-295), an adversary able to sit between components can decrypt sensitive process data and inject manipulated messages. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a man-in-the-middle network position between APROL components (reflected by CVSS 4.0 AT:P, Attack Requirements Present) - for example via ARP/DNS spoofing, a rogue device, or a compromised host on the same control network segment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N) scores 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained a foothold on the plant/control network (for example a compromised engineering workstation or a rogue device on the OT LAN) positions themselves between two APROL components and presents a self-signed or forged certificate. Because APROL does not properly validate it, the TLS session is established against the attacker, who then reads confidential process and configuration data and injects altered commands or telemetry. … |
| Remediation | Vendor-released patch: upgrade APROL to R 4.4-01P5 or later, which corrects the certificate validation, as documented in B&R advisory SA26P011 (https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P011-661853b7.pdf). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all APROL deployments and assess network positioning relative to untrusted networks or remote access points. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41868
GHSA-4q88-82vm-7283