Key vulnerability information

Vulnerability overview

- Advisory ID: VDE-2025-092
- Publication date: 27.01.2026 12:00
- Vendor: Beckhoff Automation GmbH & Co. KG
- External ID: VDE-2025-092
- CSAF document: available for download

---

Vulnerability details

CVE-2025-41726
- A user can execute arbitrary code by sending specially crafted calls to the web service of the Beckhoff Device Manager, or locally via an API, and can cause integer overflows which can then lead to arbitrary code execution within privileged processes.
- CVSS score: 8.8

CVE-2025-41727
- A user with low privileges on the device can bypass the authentication mechanism of the UI and send commands to a privileged process, which executes them on behalf of that user but with higher privileges.
- CVSS score: 7.8

CVE-2025-41728
- A user can cause an out-of-bounds read operation within a specific service process which runs on the device.
- CVSS score: 5.3

---

Affected products

---

Remediation

Update to the latest version of the affected components (see the list below) or update the complete operating system image.

Fixed versions:
- Beckhoff.Device.Manager.XAR tcpkg package: 2.5.3
- Beckhoff IPC Diagnostics software for Windows: 2.5.3
- MDP.dll library for Windows CE 6.0 and Embedded Compact 7 on x86: 1.7.0.0
- MDP software package for TwinCAT/BSD: 1.7.0.0
- mdp-bhf software package for Beckhoff RT Linux(R): 0.0.5-1
- MDP.dll library for Windows CE 6.0 and Embedded Compact 7 on ARM32: 1.7.0.0

For details, please contact Beckhoff service (service@beckhoff.com).
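To turn the fixed-version list into a repeatable check, the following added example (not part of the advisory or of any Beckhoff tooling) compares an installed-component inventory against the versions above; the dictionary keys are shortened labels I chose for the listed components, and the inventory at the bottom is constructed sample data.

```python
"""Flag components still below the fixed versions listed in VDE-2025-092."""
import re

# Fixed versions exactly as listed in the advisory; keys are shortened labels (assumption).
FIXED_VERSIONS = {
    "Beckhoff.Device.Manager.XAR": "2.5.3",
    "Beckhoff IPC Diagnostics (Windows)": "2.5.3",
    "MDP.dll (Windows CE 6.0 / Embedded Compact 7, x86)": "1.7.0.0",
    "MDP (TwinCAT/BSD)": "1.7.0.0",
    "mdp-bhf (Beckhoff RT Linux)": "0.0.5-1",
    "MDP.dll (Windows CE 6.0 / Embedded Compact 7, ARM32)": "1.7.0.0",
}


def parse_version(v):
    """Split '2.5.3' or '0.0.5-1' into (upstream, revision) tuples of ints.
    The Debian-style revision after '-' is kept separate so it is compared last."""
    upstream, _, revision = v.partition("-")
    nums = tuple(int(x) for x in re.findall(r"\d+", upstream))
    rev = tuple(int(x) for x in re.findall(r"\d+", revision)) if revision else (0,)
    return nums, rev


def compare(a, b):
    """Return -1, 0 or 1; shorter tuples are zero-padded so 1.7.0 == 1.7.0.0."""
    (ua, ra), (ub, rb) = parse_version(a), parse_version(b)
    for xa, xb in ((ua, ub), (ra, rb)):
        n = max(len(xa), len(xb))
        xa, xb = xa + (0,) * (n - len(xa)), xb + (0,) * (n - len(xb))
        if xa != xb:
            return -1 if xa < xb else 1
    return 0


def is_vulnerable(component, installed):
    """True if installed is older than the fixed version; None if not covered here."""
    fixed = FIXED_VERSIONS.get(component)
    if fixed is None:
        return None
    return compare(installed, fixed) < 0


def check_inventory(inventory):
    """inventory: iterable of (component, version). Returns (component, installed, fixed)."""
    return [(c, v, FIXED_VERSIONS[c]) for c, v in inventory if is_vulnerable(c, v)]


# Constructed sample inventory (not real device data).
SAMPLE_INVENTORY = [
    ("Beckhoff.Device.Manager.XAR", "2.5.2"),        # below 2.5.3
    ("MDP (TwinCAT/BSD)", "1.7.0"),                   # equals 1.7.0.0 after padding
    ("mdp-bhf (Beckhoff RT Linux)", "0.0.5-0"),       # same upstream, older revision
    ("Unrelated package", "9.9"),                     # not covered by the advisory
]

if __name__ == "__main__":
    for c, v, f in check_inventory(SAMPLE_INVENTORY):
        print(f"{c}: installed {v} is below fixed version {f}")
```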