CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41176 – Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41176
27 Aug 2024 — The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request. • https://cert.vde.com/en/advisories/VDE-2024-050 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41175 – Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package
https://notcve.org/view.php?id=CVE-2024-41175
27 Aug 2024 — The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-049 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41174 – Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41174
27 Aug 2024 — The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. • https://cert.vde.com/en/advisories/VDE-2024-048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41173 – Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41173
27 Aug 2024 — The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-045 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •