ID

VAR-201803-2203


CVE

CVE-2018-7502


TITLE

Beckhoff TwinCAT Untrusted Pointer Reference Vulnerability

Trust: 0.8

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNVD: CNVD-2018-06288

DESCRIPTION

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Beckhoff TwinCAT system software "remodels" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. Beckhoff TwinCAT 2 and 3.1 are vulnerable.

Trust: 2.7

sources: NVD: CVE-2018-7502 // JVNDB: JVNDB-2018-003449 // CNVD: CNVD-2018-06288 // BID: 103487 // IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // VULMON: CVE-2018-7502

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNVD: CNVD-2018-06288

AFFECTED PRODUCTS

vendor: beckhoff, model: twincat, scope: eq, version: 3.1

Trust: 1.9

vendor: beckhoff, model: twincat, scope: eq, version: 2.11

Trust: 1.6

vendor: beckhoff, model: twincat c++, scope: eq, version: 3.1

Trust: 1.6

vendor: beckhoff automation, model: twincat, scope: eq, version: 2.11 r3 2259

Trust: 0.8

vendor: beckhoff automation, model: twincat, scope: eq, version: 3.1

Trust: 0.8

vendor: beckhoff automation, model: twincat, scope: eq, version: 3.1 build 4022.4

Trust: 0.8

vendor: beckhoff, model: twincat build, scope: lte, version: <=3.14022.4

Trust: 0.6

vendor: beckhoff, model: twincat r3, scope: lte, version: <=2.112259

Trust: 0.6

vendor: beckhoff, model: twincat c ++/matlab, scope: eq, version: 3.1

Trust: 0.6

vendor: beckhoff, model: twincat build, scope: eq, version: 3.14022.4

Trust: 0.3

vendor: beckhoff, model: twincat build, scope: eq, version: 3.14022

Trust: 0.3

vendor: beckhoff, model: twincat r3, scope: eq, version: 2.112259

Trust: 0.3

vendor: beckhoff, model: twincat, scope: eq, version: 2

Trust: 0.3

vendor: beckhoff, model: twincat build, scope: ne, version: 3.14022.14

Trust: 0.3

vendor: beckhoff, model: twincat r3, scope: ne, version: 2.112300

Trust: 0.3

vendor: twincat, model: -, scope: eq, version: 2.11

Trust: 0.2

vendor: twincat, model: -, scope: eq, version: 3.1

Trust: 0.2

vendor: twincat c, model: -, scope: eq, version: 3.1

Trust: 0.2

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNVD: CNVD-2018-06288 // BID: 103487 // JVNDB: JVNDB-2018-003449 // CNNVD: CNNVD-201803-837 // NVD: CVE-2018-7502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7502
value: HIGH

Trust: 1.0

NVD: CVE-2018-7502
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06288
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-837
value: HIGH

Trust: 0.6

IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1
value: HIGH

Trust: 0.2

VULMON: CVE-2018-7502
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7502
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06288
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7502
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNVD: CNVD-2018-06288 // VULMON: CVE-2018-7502 // JVNDB: JVNDB-2018-003449 // CNNVD: CNNVD-201803-837 // NVD: CVE-2018-7502

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-822

Trust: 1.0

sources: JVNDB: JVNDB-2018-003449 // NVD: CVE-2018-7502

THREAT TYPE

local

Trust: 0.9

sources: BID: 103487 // CNNVD: CNNVD-201803-837

TYPE

Input validation

Trust: 0.8

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNNVD: CNNVD-201803-837

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003449

PATCH

title: Advisory 2018-001: TwinCAT 2 and 3.1 Kernel Driver Privilege Escalation
url: https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf

Trust: 0.8

title: Beckhoff TwinCAT patch for untrusted pointer reference vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/123311

Trust: 0.6

title: Beckhoff TwinCAT Kernal Fixes for driver permission and access control vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79382

Trust: 0.6

sources: CNVD: CNVD-2018-06288 // JVNDB: JVNDB-2018-003449 // CNNVD: CNNVD-201803-837

EXTERNAL IDS

db: NVD, id: CVE-2018-7502

Trust: 3.6

db: ICS CERT, id: ICSA-18-081-02

Trust: 2.8

db: BID, id: 103487

Trust: 2.0

db: CNVD, id: CNVD-2018-06288

Trust: 0.8

db: CNNVD, id: CNNVD-201803-837

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003449

Trust: 0.8

db: NSFOCUS, id: 39182

Trust: 0.6

db: IVD, id: E2E9BA2E-39AB-11E9-A5B1-000C29342CB1

Trust: 0.2

db: VULMON, id: CVE-2018-7502

Trust: 0.1

sources: IVD: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1 // CNVD: CNVD-2018-06288 // VULMON: CVE-2018-7502 // BID: 103487 // JVNDB: JVNDB-2018-003449 // CNNVD: CNNVD-201803-837 // NVD: CVE-2018-7502

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-081-02

Trust: 2.8

url:https://download.beckhoff.com/download/document/product-security/advisories/advisory-2018-001.pdf

Trust: 2.6

url:http://www.securityfocus.com/bid/103487

Trust: 1.7

url:https://srcincite.io/advisories/src-2018-0007/

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7502

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7502

Trust: 0.8

url:http://www.nsfocus.net/vulndb/39182

Trust: 0.6

url:http://beckhoff.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-06288 // VULMON: CVE-2018-7502 // BID: 103487 // JVNDB: JVNDB-2018-003449 // CNNVD: CNNVD-201803-837 // NVD: CVE-2018-7502

CREDITS

Steven Seeley of Source Incite

Trust: 0.9

sources: BID: 103487 // CNNVD: CNNVD-201803-837

SOURCES

db: IVD, id: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1
db: CNVD, id: CNVD-2018-06288
db: VULMON, id: CVE-2018-7502
db: BID, id: 103487
db: JVNDB, id: JVNDB-2018-003449
db: CNNVD, id: CNNVD-201803-837
db: NVD, id: CVE-2018-7502

LAST UPDATE DATE

2024-11-23T22:52:10.477000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06288, date: 2018-03-27T00:00:00
db: VULMON, id: CVE-2018-7502, date: 2018-05-23T00:00:00
db: BID, id: 103487, date: 2018-03-22T00:00:00
db: JVNDB, id: JVNDB-2018-003449, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-837, date: 2018-03-26T00:00:00
db: NVD, id: CVE-2018-7502, date: 2024-11-21T04:12:15.373

SOURCES RELEASE DATE

db: IVD, id: e2e9ba2e-39ab-11e9-a5b1-000c29342cb1, date: 2018-03-26T00:00:00
db: CNVD, id: CNVD-2018-06288, date: 2018-03-26T00:00:00
db: VULMON, id: CVE-2018-7502, date: 2018-03-23T00:00:00
db: BID, id: 103487, date: 2018-03-22T00:00:00
db: JVNDB, id: JVNDB-2018-003449, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-837, date: 2018-03-23T00:00:00
db: NVD, id: CVE-2018-7502, date: 2018-03-23T17:29:00.213