CVE-2020-12510

Name of the Vulnerable Software and Affected Versions TwinCAT XAR 3.1 versions (affected versions not specified)

Description The issue is related to the default installation path and permissions of the TwinCAT XAR 3.1 software. If the directory does not exist, it and further subdirectories are created with permissions that allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. A less privileged user can replace TcSysUI.exe, which will be executed automatically by another user during login, including users with administrative access. This allows a less privileged user to trick a higher privileged user into executing modified code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.