Improper Validation of User-Supplied Pointers in Beckhoff TwinCAT: Privilege Escalation Vulnerability

Improper Validation of User-Supplied Pointers in Beckhoff TwinCAT: Privilege Escalation Vulnerability

CVE-2018-7502 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

Learn more about our User Device Pen Test.