Beckhoff Device Manager Privilege Escalation Vulnerability

Vulnerability

A vulnerability in the Beckhoff Device Manager user interface allows local users with low privileges to bypass authentication. Exploiting it lets them perform privileged operations and gain administrator access on Beckhoff IPC or CX devices.

Impact

Exploiting this vulnerability allows local users to escalate privileges, gaining administrator access and the ability to perform privileged operations on the device.

Remediation

Users are advised to update to version 2.5.3 of the Beckhoff Device Manager XAR tcpkg package or to version 2.5.3 of the Beckhoff IPC Diagnostics software for Windows. For TwinCAT/BSD, the MDP software package should be updated to version 1.7.0.0. Beckhoff RT Linux users should update the mdp-bhf software package to version 0.0.5-1. The MDP.dll library for Windows CE 6.0 and Embedded Compact 7 on x86 and ARM32 should also be updated to version 1.7.0.0.

Added: Jan 27, 2026, 12:22 PM
Updated: Jan 27, 2026, 3:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 3.3
remediation: 7.7
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.