CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-10210: Path traversal in APROL Web Portal

8.4 CVSS

Description

An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.

Classification

CVE ID: CVE-2024-10210

CVSS Base Severity: HIGH

CVSS Base Score: 8.4

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Problem Types

CWE-73 External Control of File Name or Path

Affected Products

Vendor: B&R Industrial Automation GmbH

Product: APROL

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 14.15% (scored less or equal to compared to others)

EPSS Date: 2025-04-23 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-10210
https://www.br-automation.com/fileadmin/SA24P015-77573c08.pdf

Timeline

2025-03-25 06:40:10 UTC
CVE

Path traversal in APROL Web Portal