Article No° | Product Name | Affected Version(s) |
---|---|---|
TwinCAT Package Manager | < 1.0.603.0 |
Beckhoff's TwinCAT 3.1 Build 4026 software is modularized and is installed with different packages depending on user requirements. These packages are selected and installed using either the command line utility tcpkg or the corresponding graphical user interface called TwinCAT Package Manager. Both use the same configuration that specifies where to load packages from. These locations are called feeds, have preconfigured default settings and can be customized by administrative users, for example to add another local mirror of a package server. When using the TwinCAT Package Manager on a PC, a user with administrative access rights can locally set a specially crafted URL for a feed that causes the TwinCAT Package Manager to execute arbitrary operating system commands.
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
Mitigation
Administrative users shall always act thoroughly and inspect the values which they enter.
Remediation
Please update to a recent version of the affected product.
CERT@VDE coordinated with Beckhoff
Beckhoff Automation GmbH & Co. KG thanks elcazator from ELEX FEIGONG RESEARCH INSTITUTE of Elex CyberSecurity, Inc. for Reporting.