Vulnerabilites related to beckhoff - twincat
Vulnerability from fkie_nvd
Published
2018-03-23 17:29
Modified
2024-11-21 04:12
Severity ?
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/103487 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://srcincite.io/advisories/src-2018-0007/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103487 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://srcincite.io/advisories/src-2018-0007/ |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7598766E-561F-467D-A426-2A41837CD951",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7723E250-67D8-4493-B3BA-063B63EA7DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat_c\\+\\+:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30734197-FA69-42CE-9EF9-04779214F402",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
},
{
"lang": "es",
"value": "Los controladores del kernel en Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259 y TwinCAT 3.1 no validan correctamente los valores de puntero proporcionados por el usuario. Un atacante que pueda ejecutar c\u00f3digo en el objetivo podr\u00eda explotar esta vulnerabilidad para obtener privilegios SYSTEM."
}
],
"id": "CVE-2018-7502",
"lastModified": "2024-11-21T04:12:15.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-23T17:29:00.213",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://srcincite.io/advisories/src-2018-0007/"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-19 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE9CAEF-7BAD-4594-A537-4CC9E4BA16D6",
"versionEndExcluding": "3.1",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C156F0C-E0B7-42C3-9A0B-64264D0C42DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4022:*:*:*:*:*:*",
"matchCriteriaId": "A30C25C0-DF20-4F75-B054-04CB69E4828B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024.0:*:*:*:*:*:*",
"matchCriteriaId": "C2C4531C-B547-4E56-AD4C-E6D65BEFEE02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
},
{
"lang": "es",
"value": "Los PLC Beckhoff Embedded Windows versiones hasta 3.1.4024.0 y Beckhoff Twincat sobre las estaciones de Windows Engineering, permiten a un atacante lograr una ejecuci\u00f3n de c\u00f3digo remota (como SYSTEM) por medio del protocolo ADS de Beckhoff."
}
],
"id": "CVE-2019-16871",
"lastModified": "2024-11-21T04:31:14.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-19T21:15:13.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-05 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/93349 | ||
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93349 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beckhoff | embedded_pc_images | - | |
| beckhoff | twincat | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
},
{
"lang": "es",
"value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT podr\u00edan permitir a atacantes remotos obtener acceso a trav\u00e9s de (1) Windows CE Remote Configuration Tool, (2) servicio CE Remote Display o (3) servicio TELNET."
}
],
"id": "CVE-2014-5415",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-05T10:59:01.280",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-21 20:15
Modified
2024-11-21 04:45
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beckhoff | twincat | 3.1.4022.30 | |
| beckhoff | twincat_cx2030 | - | |
| beckhoff | twincat_cx5140 | - | |
| beckhoff | twincat | 3.1.4022.29 | |
| beckhoff | twincat_cx5140 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:beckhoff:twincat:3.1.4022.30:*:*:*:*:*:*:*",
"matchCriteriaId": "477A520F-02A3-4D28-BBF5-C4717C070966",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:beckhoff:twincat_cx2030:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A355A09-C6BE-46DC-833D-F10BB2D6D7F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31D140D1-8A39-4AB3-A5B4-354E5A3CE3D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:beckhoff:twincat:3.1.4022.29:*:*:*:*:*:*:*",
"matchCriteriaId": "D25AC406-30DE-4D81-A1AE-266919204EA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31D140D1-8A39-4AB3-A5B4-354E5A3CE3D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
},
{
"lang": "es",
"value": "Cuando Beckhoff TwinCAT est\u00e1 configurado para usar el controlador Profinet, se puede llegar a una denegaci\u00f3n de servicio del controlador enviando un paquete UDP con formato incorrecto al dispositivo. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."
}
],
"id": "CVE-2019-5637",
"lastModified": "2024-11-21T04:45:17.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T20:15:15.990",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-27 19:29
Modified
2024-11-21 03:16
Severity ?
Summary
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "934FE489-5AC5-4BD9-B301-25C6FCC14206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
},
{
"lang": "es",
"value": "Beckhoff TwinCAT 3 soporta comunicaciones mediante ADS. ADS es un protocolo para la automatizaci\u00f3n industrial en entornos protegidos. Este protocolo emplea rutas configuradas que pueden ser editadas de forma remota mediante ADS. Este comando especial soporta la autenticaci\u00f3n cifrada con un nombre de usuario y una contrase\u00f1a. El cifrado emplea una clave fija que podr\u00eda ser extra\u00edda por un atacante. Una precondici\u00f3n para la explotaci\u00f3n de esta debilidad es contar con acceso de red en el momento en el que se a\u00f1ade una ruta."
}
],
"id": "CVE-2017-16718",
"lastModified": "2024-11-21T03:16:50.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-27T19:29:00.233",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-21 20:15
Modified
2024-11-21 04:45
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.0:build2304:*:*:*:*:*:*",
"matchCriteriaId": "CB711A2C-9F84-4462-82C8-296C51CC2F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build4024.0:*:*:*:*:*:*",
"matchCriteriaId": "BB46CCC9-4BF8-43CC-A382-5287F432DC9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
},
{
"lang": "es",
"value": "Cuando un Beckhoff TwinCAT Runtime recibe un paquete UDP con formato incorrecto, el servicio de descubrimiento de ADS se cierra. Tenga en cuenta que los dispositivos TwinCAT siguen funcionando normalmente. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."
}
],
"id": "CVE-2019-5636",
"lastModified": "2024-11-21T04:45:16.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T20:15:15.897",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"source": "cve@rapid7.com",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 04:59
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en-us/advisories/vde-2020-019 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2020-019 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA181C43-953B-483C-B34E-74089B1F56E2",
"versionEndIncluding": "3.1.0.3603",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024:*:*:*:*:*:*",
"matchCriteriaId": "833123D8-C8C4-4F0B-84E4-34149B0FFA67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAD4C9C7-165D-432A-9FB1-00599AB53632",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28813786-BC07-4F45-81DD-6C82E993EBB1",
"versionEndIncluding": "3.1.0.3512",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4022:*:*:*:*:*:*",
"matchCriteriaId": "A30C25C0-DF20-4F75-B054-04CB69E4828B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547ei_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "127BA9B4-1AC8-4E2A-B988-A6DB74D94005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAC8A5E-E88D-446D-8259-3DE668C733BF",
"versionEndIncluding": "2.11.0.2120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.11:build_2350:*:*:*:*:*:*",
"matchCriteriaId": "65A29D14-486E-47E4-AEBC-8F1B61AE3C96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547ei_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "127BA9B4-1AC8-4E2A-B988-A6DB74D94005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B2487EF-FA8E-47B7-B64E-C85074E41A5C",
"versionEndIncluding": "3.1.0.3600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_402:*:*:*:*:*:*",
"matchCriteriaId": "DEFD2024-2C25-4CF2-8594-D5FFA6F37D4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34EE5CBB-16DA-4047-B91B-E0EA9A88BF06",
"versionEndIncluding": "3.1.0.3500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024:*:*:*:*:*:*",
"matchCriteriaId": "833123D8-C8C4-4F0B-84E4-34149B0FFA67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B6E51B-FDD5-40F4-BBA7-FF2922696D5E",
"versionEndIncluding": "2.11.0.2117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.11:build_2350:*:*:*:*:*:*",
"matchCriteriaId": "65A29D14-486E-47E4-AEBC-8F1B61AE3C96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
},
{
"lang": "es",
"value": "El controlador de red TwinCAT RT de Beckhoff para Intel 8254x y 8255x, proporciona la funcionalidad EtherCAT. El controlador implementa caracter\u00edsticas en tiempo real. A excepci\u00f3n de las tramas Ethernet enviadas desde la funcionalidad en tiempo real, todas las dem\u00e1s tramas Ethernet enviadas por medio del controlador no son rellenadas si su carga \u00fatil es menor que el tama\u00f1o m\u00ednimo de trama Ethernet. En su lugar, el contenido de memoria arbitrario es transmitido dentro de los bytes de relleno de la trama. Lo m\u00e1s probable es que esta memoria contenga segmentos de tramas transmitidas o recibidas previamente. Mediante este m\u00e9todo, se revela el contenido de la memoria, sin embargo, un atacante apenas puede controlar qu\u00e9 contenido de la memoria est\u00e1 afectado. Por ejemplo, la divulgaci\u00f3n puede ser provocada con peticiones echo ICMP de peque\u00f1o tama\u00f1o enviadas al dispositivo"
}
],
"id": "CVE-2020-12494",
"lastModified": "2024-11-21T04:59:47.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-06-16T14:15:10.977",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-16 14:28
Modified
2025-04-11 00:51
Severity ?
Summary
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B92AE1B-8C52-49A7-9E77-D53BF2F97B82",
"versionEndIncluding": "2.11.0.2004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "193DDD23-9633-4FE3-87E3-CE99A6C5F0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47ACBF0A-C4E4-455B-972C-AC5393A4C8F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "99B6EF62-3FFF-429B-971C-9D6471EFE89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAC2548-00B0-4394-A10F-85F28351B2F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "Beckhoff TwinCAT 2.11.0.2004 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n modificada al puerto UDP 48899, lo que provoca una lectura fuera de l\u00edmites."
}
],
"id": "CVE-2011-3486",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-16T14:28:11.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/75495"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8380"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/75495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-27 19:29
Modified
2024-11-21 03:16
Severity ?
Summary
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
},
{
"lang": "es",
"value": "Beckhoff TwinCAT soporta comunicaciones por ADS. ADS es un protocolo para la automatizaci\u00f3n industrial en entornos protegidos. ADS no se ha dise\u00f1ado desde el punto de vista de la seguridad y, por lo tanto, no incluye ning\u00fan algoritmo de cifrado por su efecto negativo en el rendimiento y el throughput. Un atacante podr\u00eda forjar paquetes ADS arbitrarios cuando es observable tr\u00e1fico ADS leg\u00edtimo."
}
],
"id": "CVE-2017-16726",
"lastModified": "2024-11-21T03:16:51.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-27T19:29:00.280",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-10-05 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/93349 | ||
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93349 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| beckhoff | embedded_pc_images | - | |
| beckhoff | twincat | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
},
{
"lang": "es",
"value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT no restringen el n\u00famero de intentos de autenticaci\u00f3n, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2014-5414",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-05T10:59:00.187",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-16718 (GCVE-0-2017-16718)
Vulnerability from cvelistv5
Published
2018-06-27 19:00
Modified
2024-09-16 17:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT |
Version: Version 3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Beckhoff TwinCAT",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Version 3"
}
]
}
],
"datePublic": "2018-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "Insufficiently Protected Credentials CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-27T18:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-27T00:00:00",
"ID": "CVE-2017-16718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beckhoff TwinCAT",
"version": {
"version_data": [
{
"version_value": "Version 3"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently Protected Credentials CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf",
"refsource": "MISC",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16718",
"datePublished": "2018-06-27T19:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-16T17:28:00.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5414 (GCVE-0-2014-5414)
Vulnerability from cvelistv5
Published
2016-10-05 10:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5414",
"datePublished": "2016-10-05T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7502 (GCVE-0-2018-7502)
Vulnerability from cvelistv5
Published
2018-03-23 17:00
Modified
2024-09-16 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-822 - Untrusted Pointer Dereference
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT PLC products |
Version: TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Beckhoff TwinCAT PLC products",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
],
"datePublic": "2018-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "Untrusted Pointer Dereference CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-03-22T00:00:00",
"ID": "CVE-2018-7502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beckhoff TwinCAT PLC products",
"version": {
"version_data": [
{
"version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://srcincite.io/advisories/src-2018-0007/",
"refsource": "MISC",
"url": "https://srcincite.io/advisories/src-2018-0007/"
},
{
"name": "103487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103487"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
},
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-7502",
"datePublished": "2018-03-23T17:00:00Z",
"dateReserved": "2018-02-26T00:00:00",
"dateUpdated": "2024-09-16T17:14:23.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5415 (GCVE-0-2014-5415)
Vulnerability from cvelistv5
Published
2016-10-05 10:00
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "93349",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93349"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93349"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5415",
"datePublished": "2016-10-05T10:00:00",
"dateReserved": "2014-08-22T00:00:00",
"dateUpdated": "2024-08-06T11:41:49.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5637 (GCVE-0-2019-5637)
Vulnerability from cvelistv5
Published
2019-11-21 19:16
Modified
2024-09-17 01:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-369 - Divide By Zero
Summary
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Beckhoff | TwinCAT 2 |
Version: 2304 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TwinCAT 2",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "2304",
"status": "affected",
"version": "2304",
"versionType": "custom"
}
]
},
{
"product": "TwinCAT 3.1",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "4204.0",
"status": "affected",
"version": "4204.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T22:58:40",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
}
],
"source": {
"advisory": "R7-2019-32",
"discovery": "EXTERNAL"
},
"title": "Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-10-08T14:05:00.000Z",
"ID": "CVE-2019-5637",
"STATE": "PUBLIC",
"TITLE": "Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TwinCAT 2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2304",
"version_value": "2304"
}
]
}
},
{
"product_name": "TwinCAT 3.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4204.0",
"version_value": "4204.0"
}
]
}
}
]
},
"vendor_name": "Beckhoff"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-369 Divide By Zero"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
},
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
}
]
},
"source": {
"advisory": "R7-2019-32",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5637",
"datePublished": "2019-11-21T19:16:13.344360Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T01:35:41.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16871 (GCVE-0-2019-16871)
Vulnerability from cvelistv5
Published
2019-12-19 20:42
Modified
2024-08-05 01:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-19T20:42:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648",
"refsource": "MISC",
"url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
},
{
"name": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16871",
"datePublished": "2019-12-19T20:42:28",
"dateReserved": "2019-09-25T00:00:00",
"dateUpdated": "2024-08-05T01:24:47.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12494 (GCVE-0-2020-12494)
Vulnerability from cvelistv5
Published
2020-06-16 13:28
Modified
2024-08-04 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-459 - Incomplete Cleanup
Summary
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Beckhoff | TwinCat Driver for Intel 8254x (Tcl8254x.sys) |
Version: unspecified < Version: unspecified < Version: unspecified < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TwinCat Driver for Intel 8254x (Tcl8254x.sys)",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "3.1.0.3603 for TwinCAT 3.1 4024",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.0.3512 for TwinCAT 3.1 4022",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.11.0.2120 for TwinCAT 2.11 2350",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TwinCat Driver for Intel 8255x (Tcl8255x.sys)",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "3.1.0.3600 for TwinCAT 3.1 4024",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.1.0.3500 for TwinCAT 3.1 4024",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.11.0.2117 for TwinCAT 2.11 2350",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Beckhoff reported this vulnerability to CERT@VDE"
}
],
"descriptions": [
{
"lang": "en",
"value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-19T12:29:17",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
}
],
"source": {
"advisory": "VDE-2020-019",
"discovery": "UNKNOWN"
},
"title": "Beckhoff: Etherleak in TwinCAT RT network driver",
"workarounds": [
{
"lang": "en",
"value": "If no real-time communication from TwinCAT is required on the Ethernet interface, then users can alternatively re-configure them to use the Intel \u00ae driver, which is shipped with Beckhoff images.\nCustomers should configure a perimeter firewall to block traffic from untrusted networks to the device, especially regarding ICMP and other small ethernet frames.\nBeckhoff offers software patches for TwinCAT 3.1 and TwinCAT 2.11 on request. These patches will be included in the the next regular releases to the affected software versions. The advisory will be updated upon availability."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "CERT@VDE",
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2020-12494",
"STATE": "PUBLIC",
"TITLE": "Beckhoff: Etherleak in TwinCAT RT network driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TwinCat Driver for Intel 8254x (Tcl8254x.sys)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.1.0.3603 for TwinCAT 3.1 4024"
},
{
"version_affected": "\u003c=",
"version_value": "3.1.0.3512 for TwinCAT 3.1 4022"
},
{
"version_affected": "\u003c=",
"version_value": "2.11.0.2120 for TwinCAT 2.11 2350"
}
]
}
},
{
"product_name": "TwinCat Driver for Intel 8255x (Tcl8255x.sys)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.1.0.3600 for TwinCAT 3.1 4024"
},
{
"version_affected": "\u003c=",
"version_value": "3.1.0.3500 for TwinCAT 3.1 4024"
},
{
"version_affected": "\u003c=",
"version_value": "2.11.0.2117 for TwinCAT 2.11 2350"
}
]
}
}
]
},
"vendor_name": "Beckhoff"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beckhoff reported this vulnerability to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-459 Incomplete Cleanup"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-019",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
}
]
},
"source": {
"advisory": "VDE-2020-019",
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "If no real-time communication from TwinCAT is required on the Ethernet interface, then users can alternatively re-configure them to use the Intel \u00ae driver, which is shipped with Beckhoff images.\nCustomers should configure a perimeter firewall to block traffic from untrusted networks to the device, especially regarding ICMP and other small ethernet frames.\nBeckhoff offers software patches for TwinCAT 3.1 and TwinCAT 2.11 on request. These patches will be included in the the next regular releases to the affected software versions. The advisory will be updated upon availability."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12494",
"datePublished": "2020-06-16T13:28:38",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5636 (GCVE-0-2019-5636)
Vulnerability from cvelistv5
Published
2019-11-21 19:16
Modified
2024-09-17 03:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Improper Resource Shutdown or Release
Summary
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Beckhoff | TwinCAT 2 |
Version: 2304 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TwinCAT 2",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "2304",
"status": "affected",
"version": "2304",
"versionType": "custom"
}
]
},
{
"product": "TwinCAT 3.1",
"vendor": "Beckhoff",
"versions": [
{
"lessThanOrEqual": "4204.0",
"status": "affected",
"version": "4204.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T22:58:40",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
}
],
"source": {
"advisory": "R7-2019-32",
"discovery": "EXTERNAL"
},
"title": "Beckhoff TwinCAT Discovery Service Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-10-08T14:05:00.000Z",
"ID": "CVE-2019-5636",
"STATE": "PUBLIC",
"TITLE": "Beckhoff TwinCAT Discovery Service Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TwinCAT 2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2304",
"version_value": "2304"
}
]
}
},
{
"product_name": "TwinCAT 3.1",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4204.0",
"version_value": "4204.0"
}
]
}
}
]
},
"vendor_name": "Beckhoff"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
},
{
"name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
}
]
},
"source": {
"advisory": "R7-2019-32",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5636",
"datePublished": "2019-11-21T19:16:12.913139Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T03:18:42.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3486 (GCVE-0-2011-3486)
Vulnerability from cvelistv5
Published
2011-09-16 14:00
Modified
2024-08-06 23:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:47.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "twincat-datagram-dos(69765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
},
{
"name": "8380",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8380"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
},
{
"name": "75495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/75495"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "twincat-datagram-dos(69765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
},
{
"name": "8380",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8380"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
},
{
"name": "75495",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/75495"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "twincat-datagram-dos(69765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
},
{
"name": "8380",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8380"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
},
{
"name": "75495",
"refsource": "OSVDB",
"url": "http://osvdb.org/75495"
},
{
"name": "http://aluigi.altervista.org/adv/twincat_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3486",
"datePublished": "2011-09-16T14:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:47.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16726 (GCVE-0-2017-16726)
Vulnerability from cvelistv5
Published
2018-06-27 19:00
Modified
2024-09-16 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT |
Version: Version 2, Version 3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Beckhoff TwinCAT",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Version 2, Version 3"
}
]
}
],
"datePublic": "2018-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-03T15:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-27T00:00:00",
"ID": "CVE-2017-16726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Beckhoff TwinCAT",
"version": {
"version_data": [
{
"version_value": "Version 2, Version 3"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf",
"refsource": "MISC",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16726",
"datePublished": "2018-06-27T19:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-16T17:08:08.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}