CVE-2025-41768 Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation 'Cross-site Scripting'...

Beckhoff Automation TwinCAT 3 HMI Server Cross-site Scripting Vulnerability

Beckhoff Automation TwinCAT 3 HMI Server is a data transmission and permission management component developed by the American company Beckhoff Automation. The Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability. This vulnerability allows authenticated administrators ...

CVE-2025-41701 Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...

CVE-2025-41701 Beckhoff: Deserialization of untrusted data by TwinCAT 3 Engineering

An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context...

CVE-2025-41701

Beckhoff TwinCAT 3 Engineering contains a vulnerability (CVE-2025-41701) where deserialization of untrusted data can be triggered by a manipulated project file, allowing an unauthenticated local attacker to execute arbitrary commands in the user’s context. The available connected sources confirm ...

CVE-2019-5637

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 and prior and TwinCAT 3.1 version 4204.0 and prior...