PT-2018-2656 · Beckhoff · Twincat

Mr_Me

Published

2018-03-13

Updated

2018-05-23

CVE-2018-7502

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TwinCAT versions 2.11 R3 2259 through 3.1 Build 4022.4

Description The issue is related to insufficient validation of user-supplied input in kernel drivers, which could allow an attacker to exploit this and potentially gain SYSTEM privileges. This could lead to privilege escalation.

Recommendations For TwinCAT versions 2.11 R3 2259 through 3.1 Build 4022.4, consider restricting access to the kernel drivers until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-822

Related Identifiers

BDU:2019-01278

CVE-2018-7502

Affected Products

Twincat

PT-2018-2656 · Beckhoff · Twincat

CVE-2018-7502

Weakness Enumeration

Related Identifiers

Affected Products

References · 8