Lenze: Install Directory with insufficient permissions

The following tools:

  • VisiWinNET Smart
  • VisiWinNET Professional
  • EASY UI Designer

create a directory with insufficient permissions, allowing a low-level user the ability to add and modify certain files that hold SYSTEM privileges, which could lead to privilege escalation.


CVE-2023-31468: 7.8

Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then lets the process “MDPWebServer” consume a maximum of CPU cycles and Random Access Memory (RAM).


CVE-2024-41175: 5.5

Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, a user can post specifically crafted input which then causes a buffer overflow on stack which in turn lets the process “MDPService” crash such that the web interface becomes unavailable until next restart or even execute code in the context of user “root”. 


CVE-2024-41176: 6.5

Beckhoff: Local authentication bypass in IPC-Diagnostics package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the authentication mechanism for the web interface can be bypassed by any local user, regardless of their permissions, and they can act with administrative access rights via this mechanism.


CVE-2024-41173: 7.8

Beckhoff: Improper neutralization of input in IPC-Diagnostics-www package included in TwinCAT/BSD operating system

By default, TwinCAT/BSD-based products have a device-specific web interface for web-based management (WBM) enabled, developed by Beckhoff and known as Beckhoff Device Manager UI. It can be accessed remotely or locally. When accessed locally, the user can bypass input validation by entering specially crafted inputs into the user interface for certain pages, which then allows local commands to be executed with administrative privileges.


CVE-2024-41174: 7.3

TRUMPF SE: Multiple products prone to nftables server vulnerabilities

TruControl laser control software from versions 3.50.0 to 4.00.0.B use Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.


CVE-2024-1086: 7.8

TRUMPF SE: Multiple products prone to regreSSHion OpenSSH server vulnerabilities

TruControl laser control software prior to version 1.60.0 uses an OpenSSH server version affected by CVE-2024-6387. The affected OpenSSH Server version could potentially lead to a remote code execution.


CVE-2024-6387: 8.1

Welotec: Multiple products are vulnerable to regreSSHion

Products from the Edge Gateway Family are affected by recently published so called RegreSSHion vulnerability. 


CVE-2024-6387: 8.1

Feeds

By Vendor

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0