Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks
The following tools:
create a directory with insufficient permissions, allowing a low-level user the ability to add and modify certain files that hold SYSTEM privileges, which could lead to privilege escalation.
By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then lets the process “MDPWebServer” consume a maximum of CPU cycles and Random Access Memory (RAM).
By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then causes a buffer overflow on stack which in turn lets the process “MDPService” crash such that the web interface becomes unavailable until next restart or even execute code in the context of user “root”.
By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the authentication mechanism for the web interface can be bypassed by any local user, regardless of their permissions, and they can act with administrative access rights via this mechanism.
By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the user can bypass input validation by entering specially crafted inputs into the user interface for certain pages, which then allows local commands to be executed with administrative privileges.
TruControl laser control software from versions 3.50.0 to 4.00.0.B use Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.
TruControl laser control software prior to version 1.60.0 uses an OpenSSH server version affected by CVE-2024-6387. The affected OpenSSH Server version could potentially lead to a remote code execution.