Beckhoff: Denial-of-Service vulnerability in the MDP package included in TwinCAT/BSD operating system

Advisory ID: VDE-2024-050
Published: Aug 27, 2024
Score: 6.5
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

A stack-based buffer overflow (CWE-121) exists in the MDP package included in TwinCAT/BSD. The Beckhoff Device Manager UI (WBM), which is enabled by default for web-based management, can be exploited by a local user through specially crafted input. The overflow can crash the MDPService process (denial of service) or allow arbitrary code execution with root privileges.

What this means
What could happen
A local user with login access to a TwinCAT/BSD system can crash the MDPService process, taking the web-based management interface offline, or potentially execute commands as root on the device. This could disrupt remote monitoring and control of the industrial system until the device is manually restarted.
Who's at risk
Water and electric utility operators running Beckhoff TwinCAT/BSD systems for SCADA, PLC control, or industrial automation should evaluate this vulnerability. It affects any installation where the Beckhoff Device Manager UI is exposed or where non-administrator user accounts exist on the device.
How it could be exploited
An attacker with local login credentials on the TwinCAT/BSD system accesses the Beckhoff Device Manager UI web interface and sends a specially crafted request containing a buffer overflow payload to the MDPService process. The overflow crashes the service (denial of service) or allows arbitrary code execution with root privileges.
Prerequisites
  • Local login access to the TwinCAT/BSD system (valid user credentials)
  • Access to the Beckhoff Device Manager UI web interface (localhost or network-reachable if exposed)
  • Ability to POST crafted input to the web interface
Tags: local exploitation required; buffer overflow vulnerability; affects management interface; root code execution possible; default credentials/accounts may lack passwords
Affected products (2, both with a fix available)

Product     | Affected Versions  | Fix Status
MDP package | <1.2.7.0           | fixed in 1.2.7.0
TwinCAT/BSD | <14.1.2.0_153968   | fixed in 14.1.2.0_153968
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Beckhoff Device Manager UI web interface using firewall rules; only allow connections from authorized management stations.
HARDENING: Ensure all default user accounts on TwinCAT/BSD either have passwords set or are disabled, to prevent unauthorized local login.
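The account check behind the hardening item above, as an added example that is not from the advisory or from Beckhoff: it scans text in the FreeBSD master.passwd layout (TwinCAT/BSD is FreeBSD-based) and lists login-capable accounts whose password field is empty. The sample file contents and account names are constructed for the example.

```shell
# Constructed sample in FreeBSD master.passwd layout:
# name:password:uid:gid:class:change:expire:gecos:home:shell
# An empty password field means the account can log in without a password;
# "*" or "*LOCKED*" in that field means the account is locked.
SAMPLE_MASTER_PASSWD='root:$6$abc$hashhash:0:0::0:0:Charlie &:/root:/bin/csh
Administrator::1001:0::0:0:Constructed admin:/home/Administrator:/bin/sh
svc-backup:*LOCKED*:1002:1002::0:0:Service:/nonexistent:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
guest::1003:1003::0:0:Guest:/home/guest:/bin/sh'

# List accounts with an empty password field and an interactive shell.
# On a live system run (as root): passwordless_accounts "$(cat /etc/master.passwd)"
passwordless_accounts() {
    printf '%s\n' "$1" | awk -F: '
        # skip comments and malformed lines (the layout has 10 fields)
        /^#/ || NF < 10 { next }
        # empty password field plus a shell that permits login => report it
        $2 == "" && $10 !~ /nologin$/ { print $1 }
    '
}

# Audit helper: exit 0 when no passwordless login-capable account exists, 1 otherwise.
check_no_passwordless() {
    [ -z "$(passwordless_accounts "$1")" ]
}
```

Accounts reported here should get a password set or be locked, which is what the hardening item asks for.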
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update MDP package to version 1.2.7.0 or later.
HOTFIX: Update TwinCAT/BSD to version 14.1.2.0_153968 or later.
Long-term hardening
HARDENING: Implement network segmentation to isolate TwinCAT/BSD systems from untrusted networks.