Linux Kernel Vulnerabilities Expose B&R APROL Products to Local Privilege Escalation (CVSS 7.8)
Per CISA's June 23 ICS advisory, publicly reported Linux kernel vulnerabilities affect kernel versions shipped with B&R products, including Linux for B&R APROL X20EDS410, rated CVSS v3 7.8.
At a glance
- Linux kernel vulnerabilities shipped in B&R products (including APROL X20EDS410) are rated CVSS v3 7.8.
- Local exploitation could allow privilege escalation, and public PoC exploits exist.
- B&R reported no evidence of active exploitation against its products at publication.
VERDICT — CONFIRMED
Per CISA's June 23 ICS advisory, publicly reported Linux kernel vulnerabilities affect kernel versions shipped with B&R products, including Linux for B&R APROL X20EDS410, rated CVSS v3 7.8. Successful local exploitation could allow privilege escalation on affected systems, and public proof-of-concept exploits are available for the flaws. B&R stated it had no evidence of active exploitation targeting its products at the time of publication.
Key facts on file
- Linux kernel vulnerabilities shipped in B&R products (including APROL X20EDS410) are rated CVSS v3 7.8.
- Local exploitation could allow privilege escalation, and public PoC exploits exist.
- B&R reported no evidence of active exploitation against its products at publication.