Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Beckhoff: Local command injection via TwinCAT Package Manager
Vulnerability Description
A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Beckhoff TwinCAT 操作系统命令注入漏洞
Vulnerability Description
Beckhoff TwinCAT是德国Beckhoff公司的一套由实时环境和在开发环境中执行控制程序的实时系统组成的软件系统。该系统主要用于PLC(可编程逻辑控制器)编程、诊断和系统配置等。 Beckhoff TwinCAT 1.0.603.0之前版本存在操作系统命令注入漏洞,该漏洞源于具有管理访问权限的本地用户可以在用户界面(UI)上输入特制的设置值,然后执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A