CVE-2014-5414 - Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp

CVE-2014-5414

Summary

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

References

http://www.securityfocus.com/bid/93349
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02

Vulnerable Configurations

cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*
cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*
cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*
cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*

CVSS

Base:	9.4 (as of 28-11-2016 - 19:12)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:N

refmap via4

bid	93349
misc	https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02

Last major update

28-11-2016 - 19:12

Published

05-10-2016 - 10:59

Last modified

28-11-2016 - 19:12