26 March 2018
Serious vulnerability identified in Beckhoff TwinCAT PLC software solution
US-CERT has published an advisory on a vulnerability in Beckhoff TwinCAT software solution for programmable logic controllers. Successful exploitation of the vulnerability could allow a local attacker to escalate privileges on the target system.
According to a security advisory published by Beckhoff Automation, the vulnerability is due to the lack of proper validation of user-supplied pointer values by several kernel drivers.
Уязвимости подвержены следующие продукты:
- TwinCAT 3.1.build 4022.4 or prior;
- TwinCAT 2.11 R3 build 2259 or prior;
- TwinCAT 3.1 C++ / Matlab (TC1210/TC1220/TC1300/TC1320).
The newly identified security flaw was assigned the ID CVE-2018-7502 and CVSS v.3 base score of 7.8.
Beckhoff Automation recommends updating affected software to the latest versions and recompiling Matlab to close the vulnerability.
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
23 November 2021
Good old buffer overflow
31 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
30 March 2021