Beckhoff TwinCAT Untrusted Pointer Dereference (CVE-2018-7502)

high Tenable OT Security Plugin ID 500341

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Beckhoff recommends users update to the newest version and recompile Matlab modules after updating.

Please see Beckhoff Security Advisory 2018-001 at the following location for more information:

https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf

See Also

http://www.nessus.org/u?229fcc10

http://www.securityfocus.com/bid/103487

https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02

https://srcincite.io/advisories/src-2018-0007/

Plugin Details

Severity: High

ID: 500341

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 12/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-7502

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:beckhoff:twincat:2.11, cpe:/a:beckhoff:twincat_c%2b%2b:3.1, cpe:/a:beckhoff:twincat:3.1.4022

Required KB Items: Tenable.ot/Beckhoff

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/23/2018

Vulnerability Publication Date: 3/23/2018

Exploitable With

Core Impact

Reference Information

CVE: CVE-2018-7502

CWE: 20

ICSA: 18-081-02