Vulnerabilities > Beckhoff > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-41173 Unspecified vulnerability in Beckhoff IPC Diagnostics Package and TwinCAT/BSD
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
local
low complexity
beckhoff
7.8
2024-08-27 CVE-2024-41176 Unspecified vulnerability in Beckhoff MDP Package and TwinCAT/BSD
The MDP package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.
local
low complexity
beckhoff
7.3
2020-11-19 CVE-2020-12510 Incorrect Default Permissions vulnerability in Beckhoff TwinCAT Extended Automation Runtime 3.1
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT.
local
low complexity
beckhoff CWE-276
7.3
2020-03-12 CVE-2020-9464 Resource Exhaustion vulnerability in Beckhoff BK9000 Firmware
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000.
network
low complexity
beckhoff CWE-400
7.5
2019-11-21 CVE-2019-5637 Divide By Zero vulnerability in Beckhoff TwinCAT 3.1.4022.29/3.1.4022.30
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device.
network
low complexity
beckhoff CWE-369
7.5
2019-11-21 CVE-2019-5636 Improper Resource Shutdown or Release vulnerability in Beckhoff TwinCAT 2.0/3.1
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down.
network
low complexity
beckhoff CWE-404
7.5
2018-03-23 CVE-2018-7502 Improper Input Validation vulnerability in Beckhoff TwinCAT and TwinCAT C++
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values.
local
low complexity
beckhoff CWE-20
7.8