PT-2021-5340 · Beckhoff · Tcopcuaserver+1
Emre Süren +2 · Published 2021-11-03 · Updated 2021-11-06 · CVE-2021-34594
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TwinCAT OPC UA Server versions prior to 4.3.48.0
TwinCAT OPC UA Server with TcOpcUaServer versions below 3.2.0.194
Description
The vulnerability is caused by errors in the processing of relative directory paths. Through this relative path traversal, a remote attacker may be able to create and delete arbitrary files on the system, potentially allowing administrators to create or delete any file on the system.
Recommendations
For TwinCAT OPC UA Server versions prior to 4.3.48.0, update to version 4.3.48.0 or later to resolve the issue.
For TwinCAT OPC UA Server with TcOpcUaServer versions below 3.2.0.194, update TcOpcUaServer to version 3.2.0.194 or later to resolve the issue.
As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.
Fix
Relative Path Traversal
Path traversal
Affected Products
TcOpcUaServer
TwinCAT OPC UA Server