CVE-2024-8934
MEDIUM
TwinCAT Package Manager < 1.0.603.0 - Authenticated OS Command Injection via UI Settings
Title source: llm
Description
A local user with administrative access rights can enter specially crafted values for settings at the user interface (UI) of the TwinCAT Package Manager, which then cause arbitrary OS commands to be executed.
References (1)
Core References
Various Sources
https://cert.vde.com/en/advisories/VDE-2024-064
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
8.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
Beckhoff/TwinCAT Package Manager
< 1.0.603.0
Published
Oct 31, 2024
Tracked Since
Feb 18, 2026