CVE-2020-12510: Beckhoff: Privilege Escalation through TwinCat System
First published: Thu Nov 19 2020(Updated: )
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Beckhoff TwinCAT | =3.1 |
Remedy
Please consider to choose “C:\Program Files\TwinCAT” during installation of TwinCAT 3.1. If you have installed it already then please uninstall and re-install it with the changed path. Please use the custom installation for this. That will automatically protect the binaries such that they can only be modified by an administrator. Please mind that already installed projects underneath C:\TwinCAT need to be moved. It is recommended to perform a backup of the complete device before such action. For security reasons, please remove the former content of C:\TwinCAT at the end of this sequence. This will also prevent confusion.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-12510?
CVE-2020-12510 has been rated as a medium severity vulnerability due to its potential for local users to modify sensitive software files.
How do I fix CVE-2020-12510?
To fix CVE-2020-12510, ensure that the installation directory C:\TwinCAT has appropriate permissions set to restrict local user access.
What are the implications of CVE-2020-12510?
The implications of CVE-2020-12510 allow local users unauthorized access to modify the TwinCAT installation, which could lead to system instability or unauthorized operations.
Which software versions are affected by CVE-2020-12510?
CVE-2020-12510 affects all versions of Beckhoff TwinCAT Extended Automation Runtime 3.1.
Is there a patch available for CVE-2020-12510?
As of now, there is no specific patch available for CVE-2020-12510, but securing directory permissions can mitigate the vulnerability.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/beckhoff
- canonical/beckhoff twincat
- version/beckhoff twincat/3.1