CVE-2024-41176

Summary

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.

Affected Software

VendorProductVersion RangeStatus
BeckhoffMDP package0 < 1.2.7.0affected
BeckhoffTwinCAT/BSD0 < 14.1.2.0affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References