Impact
Improper certificate validation in B&R Industrial Automation GmbH APROL, identified by CWE‑295, allows an attacker to present a forged certificate and gain unauthorized access to device communications, potentially compromising confidentiality and integrity. The vulnerability carries a CVSS score of 9.1, indicating a high severity impact.
Affected Systems
APROL devices running firmware versions before R 4.4‑01P5 are affected. These versions are used in industrial control environments where secure communication is critical.
Risk and Exploitability
The CVSS score of 9.1 and the lack of an available EPSS score suggest a serious risk, although automated exploitation data is not publicly reported. The vulnerability is likely exploitable through the device’s network interface by presenting an unverified certificate during management or control sessions. Because it is not listed in the CISA KEV catalog yet, there are no known public exploits, but the high score calls for immediate attention.
OpenCVE Enrichment