Beckhoff Automation Beckhoff.Device.Manager.Xar vulnerabilities
3 known vulnerabilities affecting beckhoff_automation/beckhoff.device.manager.xar.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-41726 | P2 | HIGH | CVSS 8.8 | CWE-190 | Affected versions: ≥ 0.0.0, < 2.5.3 | 2026-01-27
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.
Source: NVD
CVE-2025-41727 | P3 | HIGH | CVSS 7.8 | CWE-420 | Affected versions: ≥ 0.0.0, < 2.5.3 | 2026-01-27
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.
Source: NVD
CVE-2025-41728 | P4 | MEDIUM | CVSS 5.3 | CWE-125 | Affected versions: ≥ 0.0.0, < 2.5.3 | 2026-01-27
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially copy confidential information into a response.
Source: NVD