• 1 (current)
  • 2

Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then lets the process “MDPWebServer” consume a maximum of CPU cycles and Random Access Memory (RAM).


CVE-2024-41175: 5.5

Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then causes a buffer overflow on stack which in turn lets the process “MDPService” crash such that the web interface becomes unavailable until next restart or even execute code in the context of user “root”. 


CVE-2024-41176: 6.5

Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the authentication mechanism for the web interface can be bypassed by any local user, regardless of their permissions, and they can act with administrative access rights via this mechanism.


CVE-2024-41173: 7.8

Beckhoff: Improper neutralization of input in IPC-Diagnostics-www package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the user can bypass input validation by entering specially crafted inputs into the user interface for certain pages, which then allows local commands to be executed with administrative privileges.


CVE-2024-41174: 7.3

TRUMPF SE: Multiple products prone to nftables server vulnerabilities

TruControl laser control software from versions 3.50.0 to 4.00.0.B use Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.


CVE-2024-1086: 7.8

TRUMPF SE: Multiple products prone to regreSSHion OpenSSH server vulnerabilities

TruControl laser control software prior to version 1.60.0 uses an OpenSSH server version affected by CVE-2024-6387. The affected OpenSSH Server version could potentially lead to a remote code execution.


CVE-2024-6387: 8.1

Welotec: Multiple products are vulnerable to regreSSHion

Products from the Edge Gateway Family are affected by recently published so called RegreSSHion vulnerability. 


CVE-2024-6387: 8.1

Pepperl+Fuchs: Device Master ICDM-RX/* – Vulnerability may allow attackers to interact with a user via dialog box

Vulnerabilities has been discovered in the product, mainly caused by HTML injection and crosssite-scripting.

The impact of the vulnerability on the affected device may result in an information disclosure and denial of service.


CVE-2024-38502: 7.1
CVE-2024-5849: 7.1
CVE-2024-38501: 6.1
  • 1 (current)
  • 2

Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0