Lucene search
HistoryAug 27, 2024 - 8:15 a.m.
CVE-2024-41176
mpd package
twincat/bsd
local attacker
dos
execute code
root
crafted http request
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.5%
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local
attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in
the context of user “root” via a crafted HTTP request.
Affected configurations
Node
beckhoffmdp_packageRange<1.2.7.0
ORbeckhofftwincat\/bsdRange<14.1.2.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| beckhoff | mdp_package | * | cpe:2.3:a:beckhoff:mdp_package:*:*:*:*:*:*:*:* |
| beckhoff | twincat\/bsd | * | cpe:2.3:o:beckhoff:twincat\/bsd:*:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2024-41176
2024-08-27 08:15:05
vulnrichment
vulnrichment
nessus
nessus
Beckhoff (CVE-2024-41176)
2024-09-12 00:00:00
cvelist
cvelist
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS
0
Percentile
9.5%
Related for NVD:CVE-2024-41176