CVE-2019-19874

9.8 CRITICAL

📋 TL;DR

CVE-2019-19874 is a command injection vulnerability in the web interface of B&R Industrial Automation APROL that allows attackers to execute arbitrary commands on the web server. It affects APROL versions before R4.2 V7.08. Industrial control systems running a vulnerable APROL version are at risk of remote compromise.

💻 Affected Systems

Products:
  • B&R Industrial Automation APROL
Versions: All versions before R4.2 V7.08
Operating Systems: Industrial control system platforms running APROL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components of APROL systems. Different vulnerability than CVE-2019-16364 but similar impact.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands with web server privileges, potentially leading to industrial process disruption, data theft, or lateral movement within OT networks.

🟠 Likely Case

Remote code execution leading to web server compromise, potential data exfiltration, and unauthorized access to industrial control systems.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH - Web interface accessible from internet allows remote exploitation without authentication.
🏢 Internal Only: HIGH - Even internally, vulnerable systems can be exploited by attackers who gain network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities typically have low exploitation complexity. No public exploit code was found, but weaponization is likely given the CVSS 9.8 score and the industrial control system target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R4.2 V7.08 or later

Vendor Advisory: https://www.br-automation.com/downloads_br_productcatalogue/BRP44400000000000000585952/APROL_R42_A1_ReleaseNotes_001.pdf

Restart Required: Yes

Instructions:

1. Download APROL R4.2 V7.08 or later from B&R Industrial Automation.
2. Backup current configuration and data.
3. Apply the update following vendor documentation.
4. Restart the system.
5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate APROL systems from untrusted networks and implement strict firewall rules.

Web Application Firewall

all

Deploy WAF with command injection protection rules to block exploitation attempts.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate APROL systems from untrusted networks
  • Deploy web application firewall with command injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check the APROL version via the web interface or system configuration. If the version is earlier than R4.2 V7.08, the system is vulnerable.

Check Version:

Check APROL web interface or consult system documentation for version information

Verify Fix Applied:

Verify APROL version is R4.2 V7.08 or later via system administration interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in web server logs
  • Suspicious HTTP requests to web scripts with command injection patterns
  • Unexpected process creation from web server

Network Indicators:

  • HTTP requests containing command injection patterns (semicolons, pipes, backticks) to APROL web endpoints
  • Unusual outbound connections from web server

SIEM Query:

source="aprol_web_logs" AND (http_uri="*;*" OR http_uri="*|*" OR http_uri="*`*" OR http_uri="*$(*")
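
The SIEM query above, extended into a log-triage sketch (an added example, not vendor code or part of the original advisory): it percent-decodes each request target before looking for the same metacharacters, because a wildcard match on the raw URI does not see encoded forms such as %3B unless the log source has already decoded the field. The Common Log Format layout, the /hypothetical/ paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: the web server writes Common/Combined Log Format access lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Same metacharacters as the SIEM query on this page: ; | ` $(
METACHARS = re.compile(r'[;|`]|\$\(')


def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so %3B and double-encoded %253B both surface."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(lines):
    """Return (client_ip, decoded_target, matched_tokens) for flagged lines."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        decoded = fully_decode(m.group("target"))
        tokens = sorted(set(METACHARS.findall(decoded)))
        if tokens:
            hits.append((m.group("ip"), decoded, tokens))
    return hits


# Constructed sample lines; the paths are hypothetical, not real APROL endpoints.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /hypothetical/status.cgi?unit=7 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2020:10:00:05 +0000] "GET /hypothetical/diag.cgi?host=10.0.0.1%3Bid HTTP/1.1" 200 87',
    '192.0.2.44 - - [01/Jan/2020:10:00:09 +0000] "GET /hypothetical/diag.cgi?host=10.0.0.1%257Cid HTTP/1.1" 200 87',
    '192.0.2.44 - - [01/Jan/2020:10:00:12 +0000] "POST /hypothetical/diag.cgi?host=%24%28id%29 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, target, tokens in suspicious_requests(SAMPLE_LOG):
        print(ip, tokens, target)
```

Semicolons and pipes also occur in legitimate URLs, so treat hits as leads to correlate with the process-creation and outbound-connection indicators listed above.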
