CVE-2022-43761 - OpenCVE

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Br-automation	Industrial Automation Aprol

Configuration 1 [-]

cpe:2.3:a:br-automation:industrial_automation_aprol:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ABB

Published: 2023-02-08T09:33:28.002Z

Updated: 2024-08-03T13:40:06.403Z

Reserved: 2022-10-26T07:17:06.425Z

Link: CVE-2022-43761

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-08T10:15:09.907

Modified: 2023-11-07T03:54:02.767

Link: CVE-2022-43761

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43761", "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "state": "PUBLISHED", "assignerShortName": "ABB", "dateReserved": "2022-10-26T07:17:06.425Z", "datePublished": "2023-02-08T09:33:28.002Z", "dateUpdated": "2024-08-03T13:40:06.403Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "B&R APROL", "vendor": "B&R Industrial Automation", "versions": [{"status": "affected", "version": "< R 4.2-07"}]}], "datePublic": "2023-01-29T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Missing authentication when creating and\nmanaging the B&R APROL database in versions < R 4.2-07\n\n\n\nallows reading and changing the system configuration. </p>\n\n\n\n\n\n"}], "value": "Missing authentication when creating and\nmanaging the B&R APROL database in versions <\u00a0R 4.2-07\n\n\n\nallows reading and changing the system configuration.\u00a0\n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9", "shortName": "ABB", "dateUpdated": "2023-02-24T11:33:46.477Z"}, "references": [{"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Lack of authentication when managing APROL database", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.403Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf", "tags": ["x_transferred"]}]}]}}