CVE-2021-34594 — MEDIUM (6.5)

Q: How severe is CVE-2021-34594?

CVE-2021-34594 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-34594?

Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Tf6100 Firmware, Beckhoff Tf6100, Beckhoff Ts6100 Firmware, Beckhoff Ts6100.

Vulnerability Description

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Beckhoff	Tf6100 Firmware	< 4.3.48.0
Beckhoff	Tf6100	-
Beckhoff	Ts6100 Firmware	< 4.3.48.0
Beckhoff	Ts6100	-

Related Weaknesses (CWE)

CWE-22 CWE-23

References

https://cert.vde.com/en/advisories/VDE-2021-051/MitigationThird Party Advisory
https://cert.vde.com/en/advisories/VDE-2021-051/MitigationThird Party Advisory

FAQ

What is CVE-2021-34594?

CVE-2021-34594 is a vulnerability with a CVSS score of 6.5 (MEDIUM). TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create...

How severe is CVE-2021-34594?

CVE-2021-34594 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-34594?

Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Tf6100 Firmware, Beckhoff Tf6100, Beckhoff Ts6100 Firmware, Beckhoff Ts6100.