CVE-2021-34594

MEDIUM

Beckhoff TF6100 and TS6100 Firmware < 4.3.48.0 - Path Traversal and Arbitrary File Manipulation

Title source: llm
STIX 2.1

Description

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2021-051/

Scores

CVSS v3 6.5
EPSS 0.0109
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
beckhoff/tf6100_firmware < 4.3.48.0
beckhoff/ts6100_firmware < 4.3.48.0
Published Nov 04, 2021
Tracked Since Feb 18, 2026