CVE-2018-7502

EPSS 0.17%
Veröffentlicht 23.03.2018 17:29:00
Zuletzt bearbeitet 21.11.2024 04:12:15
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beckhoff ≫ Twincat Version2.11

Beckhoff ≫ Twincat Version3.1

Beckhoff ≫ Twincat C++ Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.354

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

http://www.securityfocus.com/bid/103487

Third Party Advisory

VDB Entry

https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02

Third Party Advisory

US Government Resource

Mitigation

https://srcincite.io/advisories/src-2018-0007/