BECKHOFF TwinCAT 3.1

CPE Details

BECKHOFF TwinCAT 3.1
beckhoff
twincat
3.1
2018-04-16
15h12 +00:00
2021-05-06
14h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:beckhoff:twincat:3.1:*:*:*:*:*:*:*

Informations

Vendor

beckhoff

Product

twincat

Version

3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-12494 2020-06-16 11h28 +00:00 Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
5.3
Medium
CVE-2018-7502 2018-03-23 17h00 +00:00 Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.