Lucene search
CERTVDECVE-2024-41176HistoryAug 27, 2024 - 8:15 a.m.
CVE-2024-41176
2024-08-2708:15:05
CWE-120
CERTVDE
web.nvd.nist.gov
25
mpd
twincat
bsd
local attacker
dos
execute code
root
crafted http request
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.5%
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local
attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in
the context of user “root” via a crafted HTTP request.
Affected configurations
Node
beckhoffmdp_packageRange<1.2.7.0
ORbeckhofftwincat\/bsdRange<14.1.2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| beckhoff | mdp_package | * | cpe:2.3:a:beckhoff:mdp_package:*:*:*:*:*:*:*:* |
| beckhoff | twincat\/bsd | * | cpe:2.3:o:beckhoff:twincat\/bsd:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MDP package",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "1.2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TwinCAT/BSD",
"vendor": "Beckhoff",
"versions": [
{
"lessThan": "14.1.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]References
Related
vulnrichment
vulnrichment
nessus
nessus
Beckhoff (CVE-2024-41176)
2024-09-12 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2024-41176
2024-08-27 08:15:05
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.5%
Related for CVE-2024-41176