Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
beckhoff twincat 3.1 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-7502
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Beckhoff Twincat 3.1
Beckhoff Twincat 2.11
Beckhoff Twincat C++ 3.1
9.8
CVSSv3
CVE-2019-16871
Beckhoff Embedded Windows PLCs up to and including 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an malicious user to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
Beckhoff Twincat 2.0
Beckhoff Twincat 3.1
Beckhoff Twincat
7.5
CVSSv3
CVE-2019-5636
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Beckhoff Twincat 2.0
Beckhoff Twincat 3.1
7.3
CVSSv3
CVE-2020-12510
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation register...
Beckhoff Twincat Extended Automation Runtime 3.1
7.5
CVSSv3
CVE-2019-5637
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Beckhoff Twincat 3.1.4022.30
Beckhoff Twincat 3.1.4022.29
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started