Description
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- Beckhoff / MDP package0 – 1.2.7.0
- Beckhoff / TwinCAT/BSD0 – 14.1.2.0
References
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2024-050