Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Beckhoff TwinCAT PLC products by ICS-CERT

    CVE-2018-7502 (GCVE-0-2018-7502)

    Vulnerability from nvd – Published: 2018-03-23 17:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    ICS-CERT Beckhoff TwinCAT PLC products Affected: TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:04.349Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://srcincite.io/advisories/src-2018-0007/"
              },
              {
                "name": "103487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103487"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Beckhoff TwinCAT PLC products",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "Untrusted Pointer Dereference CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-22T19:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://srcincite.io/advisories/src-2018-0007/"
            },
            {
              "name": "103487",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103487"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-03-22T00:00:00",
              "ID": "CVE-2018-7502",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Beckhoff TwinCAT PLC products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Pointer Dereference CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://srcincite.io/advisories/src-2018-0007/",
                  "refsource": "MISC",
                  "url": "https://srcincite.io/advisories/src-2018-0007/"
                },
                {
                  "name": "103487",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103487"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
                },
                {
                  "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-7502",
        "datePublished": "2018-03-23T17:00:00.000Z",
        "dateReserved": "2018-02-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:23.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7502 (GCVE-0-2018-7502)

    Vulnerability from cvelistv5 – Published: 2018-03-23 17:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-822 - Untrusted Pointer Dereference CWE-822
    Assigner
    Impacted products
    Vendor Product Version
    ICS-CERT Beckhoff TwinCAT PLC products Affected: TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1
    Create a notification for this product.
    Date Public
    2018-03-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:04.349Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://srcincite.io/advisories/src-2018-0007/"
              },
              {
                "name": "103487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103487"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Beckhoff TwinCAT PLC products",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-822",
                  "description": "Untrusted Pointer Dereference CWE-822",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-22T19:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://srcincite.io/advisories/src-2018-0007/"
            },
            {
              "name": "103487",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103487"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-03-22T00:00:00",
              "ID": "CVE-2018-7502",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Beckhoff TwinCAT PLC products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Pointer Dereference CWE-822"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://srcincite.io/advisories/src-2018-0007/",
                  "refsource": "MISC",
                  "url": "https://srcincite.io/advisories/src-2018-0007/"
                },
                {
                  "name": "103487",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103487"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
                },
                {
                  "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-7502",
        "datePublished": "2018-03-23T17:00:00.000Z",
        "dateReserved": "2018-02-26T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:23.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }