#VU11260 Untrusted pointer dereference in TwinCAT - CVE-2018-7502
Published: March 26, 2018 / Updated: October 27, 2020
Vulnerability identifier: #VU11260
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-7502
CWE-ID: CWE-822
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
TwinCAT
TwinCAT
Software vendor:
Beckhoff
Beckhoff
Description
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to improper validation of user-supplied pointer values. A local attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper validation of user-supplied pointer values. A local attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update TwinCAT 3.1 Build 4022 to version 4022.14, TwinCAT 2.11 R3 to version 2300 and recompile TwinCAT 3.1 C++/Matlab modules after update.