Skip to main content

Aprol

2 CVEs product

Monthly

CVE-2026-6901 HIGH This Week

Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.4 (High).

Information Disclosure Aprol
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-6900 CRITICAL Act Now

Improper TLS certificate validation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) lets a network-positioned attacker intercept and tamper with supposedly encrypted communications. Because APROL fails to properly verify certificates (CWE-295), an adversary able to sit between components can decrypt sensitive process data and inject manipulated messages. No public exploit identified at time of analysis and the flaw is not in CISA KEV, but the CVSS 4.0 base score of 9.1 reflects the high confidentiality and integrity impact.

Information Disclosure Aprol
NVD
CVSS 4.0
9.1
EPSS
0.1%
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege/code manipulation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) arises from an untrusted search path (CWE-426), allowing a low-privileged local user to plant a malicious executable or library that the application loads from an attacker-influenced directory. Successful exploitation yields high confidentiality and integrity impact on the affected engineering/operator station. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the CVSS 4.0 base score is 8.4 (High).

Information Disclosure Aprol
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Improper TLS certificate validation in B&R Industrial Automation's APROL process control system (all versions before R 4.4-01P5) lets a network-positioned attacker intercept and tamper with supposedly encrypted communications. Because APROL fails to properly verify certificates (CWE-295), an adversary able to sit between components can decrypt sensitive process data and inject manipulated messages. No public exploit identified at time of analysis and the flaw is not in CISA KEV, but the CVSS 4.0 base score of 9.1 reflects the high confidentiality and integrity impact.

Information Disclosure Aprol
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy