Description
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
https://srcincite.io/advisories/src-2018-0007/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103487
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02
Vendor Advisory x_refsource_confirm
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf
Scores
CVSS v3
7.8
EPSS
0.0056
EPSS Percentile
41.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-822
Status
published
Products (3)
beckhoff/twincat
2.11
beckhoff/twincat
3.1
beckhoff/twincat_c\+\+
3.1
Published
Mar 23, 2018
Tracked Since
Feb 18, 2026