CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user “root” via a crafted HTTP request.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2024-050 Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:beckhoff:mdp_package:*:*:*:*:*:*:*:*
cpe:2.3:o:beckhoff:twincat\/bsd:*:*:*:*:*:*:*:*

History

12 Sep 2024, 14:26

Type Values Removed Values Added
References () https://cert.vde.com/en/advisories/VDE-2024-050 - () https://cert.vde.com/en/advisories/VDE-2024-050 - Mitigation, Third Party Advisory
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 7.3
CPE cpe:2.3:o:beckhoff:twincat\/bsd:*:*:*:*:*:*:*:*
cpe:2.3:a:beckhoff:mdp_package:*:*:*:*:*:*:*:*
First Time Beckhoff
Beckhoff twincat\/bsd
Beckhoff mdp Package
CWE NVD-CWE-Other

27 Aug 2024, 13:01

Type Values Removed Values Added
Summary
  • (es) El paquete MPD incluido en TwinCAT/BSD permite a un atacante local autenticado y con pocos privilegios inducir una condición de denegación de servicio (DoS) en el demonio y ejecutar código en el contexto del usuario "root" a través de una solicitud HTTP manipulada.

27 Aug 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 08:15

Updated : 2024-10-01 07:15


NVD link : CVE-2024-41176

Mitre link : CVE-2024-41176

CVE.ORG link : CVE-2024-41176


JSON object : View

Products Affected

beckhoff

  • twincat\/bsd
  • mdp_package
CWE
NVD-CWE-Other CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')