Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Beckhoff TwinCAT PLC products by ICS-CERT
CVE-2018-7502 (GCVE-0-2018-7502)
Vulnerability from nvd – Published: 2018-03-23 17:00 – Updated: 2024-09-16 17:14
VLAI
EPSS
VEX
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Severity
No CVSS data available.
CWE
- CWE-822 - Untrusted Pointer Dereference CWE-822
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://srcincite.io/advisories/src-2018-0007/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/103487 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02 | x_refsource_MISC |
| https://download.beckhoff.com/download/Document/p… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT PLC products |
Affected:
TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1
|
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Beckhoff TwinCAT PLC products",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "Untrusted Pointer Dereference CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-22T00:00:00",
"ID": "CVE-2018-7502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beckhoff TwinCAT PLC products",
"version": {
"version_data": [
{
"version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://srcincite.io/advisories/src-2018-0007/",
"refsource": "MISC",
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103487"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7502",
"datePublished": "2018-03-23T17:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:23.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7502 (GCVE-0-2018-7502)
Vulnerability from cvelistv5 – Published: 2018-03-23 17:00 – Updated: 2024-09-16 17:14
VLAI
EPSS
VEX
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Severity
No CVSS data available.
CWE
- CWE-822 - Untrusted Pointer Dereference CWE-822
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://srcincite.io/advisories/src-2018-0007/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/103487 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02 | x_refsource_MISC |
| https://download.beckhoff.com/download/Document/p… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT PLC products |
Affected:
TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1
|
Date Public
2018-03-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Beckhoff TwinCAT PLC products",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
],
"datePublic": "2018-03-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "Untrusted Pointer Dereference CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-22T00:00:00",
"ID": "CVE-2018-7502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beckhoff TwinCAT PLC products",
"version": {
"version_data": [
{
"version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://srcincite.io/advisories/src-2018-0007/",
"refsource": "MISC",
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103487"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7502",
"datePublished": "2018-03-23T17:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:23.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}