CVE-2021-34594
Summary
| CVE | CVE-2021-34594 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-04 10:15:00 UTC |
| Updated | 2021-11-06 02:40:00 UTC |
| Description | TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 is prone to a relative path traversal that allows administrators to create or delete any files on the system. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Beckhoff | Tf6100 | - | All | All | All |
| Operating System | Beckhoff | Tf6100 Firmware | All | All | All | All |
| Hardware | Beckhoff | Ts6100 | - | All | All | All |
| Operating System | Beckhoff | Ts6100 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VDE-2021-051 | CERT@VDE / CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Beckhoff Automation thanks Johannes Olegård, Emre Süren, and Robert Lagerström for reporting the issue and for support and efforts with the coordinated disclosure.
There are currently no legacy QID mappings associated with this CVE.