CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8934 – Beckhoff: Local command injection via TwinCAT Package Manager
https://notcve.org/view.php?id=CVE-2024-8934
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. • https://cert.vde.com/en/advisories/VDE-2024-064 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41176 – Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41176
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. • https://cert.vde.com/en/advisories/VDE-2024-050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41175 – Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package
https://notcve.org/view.php?id=CVE-2024-41175
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-049 https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41174 – Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41174
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. • https://cert.vde.com/en/advisories/VDE-2024-048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41173 – Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41173
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-045 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •