ICSA-24-312-01  ·  Published 2024-11-07

Beckhoff Automation TwinCAT Package Manager

CVSS 6.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system.

CVEs (1)

Remediations

  • Beckhoff Automation recommends users update to at least version 1.0.613.0.
  • Additionally, Beckhoff Automation has identified the following specific workarounds and mitigations users can apply to reduce risk:
      • Administrative users should always act thoroughly and inspect the values which they enter.
      • Please update to a recent version of the affected product.
  • For more information, CERT@VDE has released security advisory VDE-2024-064.

Affected Vendors

Beckhoff Automation

Affected Products (1)

Beckhoff Automation · TwinCAT Package Manager <1.0.603.0

Affected Sectors

Critical Manufacturing
