Description
Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL.

This issue affects APROL: before R 4.4-01P5.
Published: 2026-07-06
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper certificate validation in B&R Industrial Automation GmbH APROL, identified by CWE‑295, allows an attacker to present a forged certificate and gain unauthorized access to device communications, potentially compromising confidentiality and integrity. The vulnerability carries a CVSS score of 9.1, indicating a high severity impact.

Affected Systems

APROL devices running firmware versions before R 4.4‑01P5 are affected. These versions are used in industrial control environments where secure communication is critical.

Risk and Exploitability

The CVSS score of 9.1 and the lack of an available EPSS score suggest a serious risk, although automated exploitation data is not publicly reported. The vulnerability is likely exploitable through the device’s network interface by presenting an unverified certificate during management or control sessions. Because it is not listed in the CISA KEV catalog yet, there are no known public exploits, but the high score calls for immediate attention.

Generated by OpenCVE AI on July 6, 2026 at 16:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest APROL firmware update that addresses the certificate validation defect.
  • If a patch is not immediately available, restrict external network access to the APROL device and enforce strict certificate verification on all management interfaces.
  • Continuously monitor device logs for anomalous authentication attempts or certificate use, and investigate any suspicious activity promptly.

Generated by OpenCVE AI on July 6, 2026 at 16:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Br-automation
Br-automation industrial Automation Aprol
Vendors & Products Br-automation
Br-automation industrial Automation Aprol

Mon, 06 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
Description Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.
Title Improper Certificate Validation
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Br-automation Industrial Automation Aprol
cve-icon MITRE

Status: PUBLISHED

Assigner: ABB

Published:

Updated: 2026-07-06T18:49:35.645Z

Reserved: 2026-04-23T08:25:59.674Z

Link: CVE-2026-6900

cve-icon Vulnrichment

Updated: 2026-07-06T18:49:31.688Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T22:15:15Z

Weaknesses
  • CWE-295

    Improper Certificate Validation