← voltar
CVE-2025-41726

Beckhoff: Arbitrary code execution within privileged processes

CVSS 8.8 HIGHEPSS 0.4%CWE-190
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Beckhoff Automation · Beckhoff.Device.Manager.XARBeckhoff Automation · MDP for Beckhoff RT Linux(R)Beckhoff Automation · MDP software package for TwinCAT/BSD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://certvde.com/de/advisories/VDE-2025-092