Lucene search

CERTVDECVELIST:CVE-2024-41174

HistoryAug 27, 2024 - 8:01 a.m.

CVE-2024-41174 Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD

2024-08-2708:01:09

CWE-79

CERTVDE

www.cve.org

cve-2024-41174

beckhoff

improper input neutralization

twincat/bsd

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "IPC Diagnostics package",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "2.0.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TwinCAT/BSD",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "14.1.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2024-048

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2024-41174