cvelist / CERTVDE / CVELIST:CVE-2024-41173
History: Aug 27, 2024 - 8:00 a.m.

CVE-2024-41173 Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD

2024-08-27 08:00:47
CWE-288
CERTVDE
www.cve.org
cve-2024-41173
beckhoff
twincat/bsd
ipc-diagnostics
authentication bypass
vulnerability
low privileged attacker

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.5%

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IPC Diagnostics package",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "2.0.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TwinCAT/BSD",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "14.1.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
