CVE-2018-7502

Summary

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
ICS-CERTBeckhoff TwinCAT PLC productsTwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1affected

Weaknesses

  • CWE-822: Untrusted Pointer Dereference CWE-822

ADP Enrichment

CVE Program Container

Additional References

References