CVE-2018-7502

Name: CVE-2018-7502
Creator: NVD / NIST
Published: 2018-03-23T17:29:00.213+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.56%

Last modified Jun 17, 2026

CVE-2018-7502 is a vulnerability of currently unknown severity. Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.

Metrics

EPSS Probability

0.56%

42.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Beckhoff	Twincat	2.11
Beckhoff	Twincat	3.1
Beckhoff	Twincat C\+\+	3.1

References

http://www.securityfocus.com/bid/103487Third Party Advisory, VDB Entry
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdfVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02Mitigation, Third Party Advisory, US Government Resource
https://srcincite.io/advisories/src-2018-0007/
http://www.securityfocus.com/bid/103487Third Party Advisory, VDB Entry
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdfVendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02Mitigation, Third Party Advisory, US Government Resource
https://srcincite.io/advisories/src-2018-0007/

Timeline

Published: Mar 23, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-7502?

How severe is CVE-2018-7502?

Severity scoring for CVE-2018-7502 is pending analysis. The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2018-7502?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7502?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST