SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-847032056] Beckhoff TwinCAT

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-03-22OtherBeckhoff Automation GmbHSteven Seeley of Source Incite reported this vulnerability to NCCIC.N/ACVE-2018-7502 N/AN/AN/A

Source

						
							
								
#
# Beckhoff TwinCAT
#


### VULNERABLE VENDOR
Beckhoff Automation GmbH


### VULNERABLE PRODUCT
TwinCAT 


### RESEARCHER
Steven Seeley of Source Incite reported this vulnerability to NCCIC.


### AFFECTED PRODUCTS
Beckhoff reports that the vulnerability affects the following TwinCAT PLC products:

TwinCAT 3.1 Build 4022.4 or prior,
TwinCAT 2.11 R3 2259 or prior, and
TwinCAT 3.1 C++ / Matlab (TC1210/TC1220/TC1300/TC1320)


### IMPACT
Successful exploitation of this vulnerability could allow local attackers to escalate privileges.


### VULNERABILITY OVERVIEW
UNTRUSTED POINTER DEREFERENCE CWE-822
Several kernel drivers lack proper validation of user-supplied pointer values.
An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
CVE-2018-7502 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)





### BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Beckhoff recommends users update to the newest version and recompile Matlab modules after updating.

Please see Beckhoff Security Advisory 2018-001 at the following location for more information:

https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf