CNNVD-202601-3288 Information

CNNVD ID

CNNVD-202601-3288

CVE-2025-41768

  • CNNVD Published: 2026-01-20

Description

Beckhoff Automation TwinCAT 3 HMI Server is a data transfer and permission management component of Beckhoff Automation, United States. Beckhoff Automation TwinCAT 3 HMI Server has a cross-site scripting vulnerability: an authenticated administrator can inject arbitrary content into a custom CSS field, which may result in malicious code being executed on the login and error pages.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Beckhoff Automation

Published

2026-01-20

Last Modified

2026-02-24

References

https://certvde.com/de/advisories/VDE-2025-106

https://access.redhat.com/security/cve/cve-2025-41768

Patch

https://www.beckhoff.com/en-us/
