CNNVD-202601-4562 Information
CNNVD ID
CNNVD-202601-4562
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
Beckhoff Automation Beckhoff.Device.Manager.XAR等都是美国Beckhoff Automation公司的产品。Beckhoff Automation Beckhoff.Device.Manager.XAR是一个用于远程管理和控制器配置的核心组件。Beckhoff Automation MDP software package for TwinCAT/BSD是一个硬件诊断和系统管理的核心组件。Beckhoff Automation mdp-bhf software package Beckhoff RT Linux是一个硬件信息软件包。 Beckhoff Automation多款产品存在缓冲区错误漏洞,该漏洞源于Device Manager Web服务对特制调用处理不当,可能导致越界读取,从而泄露特权进程内存中的机密信息。以下产品受到影响:Beckhoff.Device.Manager.XAR、MDP software package for TwinCAT/BSD和MDP for Beckhoff RT Linux(R)。
Description (English)
Beckhoff Automation Beckhoff.Device.Manager.XAR and others are products of the United States company Beckhoff Automation. Beckhoff Automation Beckhoff.Device.Manager.XAR is a core component for remote management and controller configuration. Beckhoff Automation MDP software package for TwinCAT/BSD is a core component of hardware diagnostic and system management. Beckhoff Automation mdp-bhf software package Beckhoff RT Linux is a hardware information package. Beckhoff Automation has a buffer zone error loophole, which stems from the inappropriate handling of ad hoc calls by the Device Manager Web service, which may lead to cross-border access, thereby disclosing confidential information contained in the privileged process. The following products were affected: Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT/BSD and MDP for Beckhoff RT Linux (R).
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
Beckhoff Automation
Published
2026-01-27
Last Modified
2026-02-24
References
https://certvde.com/de/advisories/VDE-2025-092 https://access.redhat.com/security/cve/cve-2025-41728
Patch
https://www.beckhoff.com/en-us/
Share on: