Vulnerabilities related to beckhoff - twincat
Vulnerability from fkie_nvd
Published
2018-03-23 17:29
Modified
2024-11-21 04:12
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Impacted products
Vendor Product Version
beckhoff twincat 2.11
beckhoff twincat 3.1
beckhoff twincat_c++ 3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7598766E-561F-467D-A426-2A41837CD951",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7723E250-67D8-4493-B3BA-063B63EA7DBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat_c\\+\\+:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30734197-FA69-42CE-9EF9-04779214F402",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
    },
    {
      "lang": "es",
      "value": "Los controladores del kernel en Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259 y TwinCAT 3.1 no validan correctamente los valores de puntero proporcionados por el usuario. Un atacante que pueda ejecutar c\u00f3digo en el objetivo podr\u00eda explotar esta vulnerabilidad para obtener privilegios SYSTEM."
    }
  ],
  "id": "CVE-2018-7502",
  "lastModified": "2024-11-21T04:12:15.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-23T17:29:00.213",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103487"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://srcincite.io/advisories/src-2018-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://srcincite.io/advisories/src-2018-0007/"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-822"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-10-05 10:59
Modified
2025-04-12 10:46
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Impacted products
Vendor Product Version
beckhoff embedded_pc_images -
beckhoff twincat -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
    },
    {
      "lang": "es",
      "value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT no restringen el n\u00famero de intentos de autenticaci\u00f3n, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de un ataque de fuerza bruta."
    }
  ],
  "id": "CVE-2014-5414",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 9.4,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T10:59:00.187",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-27 19:29
Modified
2024-11-21 03:16
Summary
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
Impacted products
Vendor Product Version
beckhoff twincat -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
    },
    {
      "lang": "es",
      "value": "Beckhoff TwinCAT soporta comunicaciones por ADS. ADS es un protocolo para la automatizaci\u00f3n industrial en entornos protegidos. ADS no se ha dise\u00f1ado desde el punto de vista de la seguridad y, por lo tanto, no incluye ning\u00fan algoritmo de cifrado por su efecto negativo en el rendimiento y el throughput. Un atacante podr\u00eda forjar paquetes ADS arbitrarios cuando es observable tr\u00e1fico ADS leg\u00edtimo."
    }
  ],
  "id": "CVE-2017-16726",
  "lastModified": "2024-11-21T03:16:51.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-27T19:29:00.280",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-21 20:15
Modified
2024-11-21 04:45
Summary
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Impacted products
Vendor Product Version
beckhoff twincat 2.0
beckhoff twincat 3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.0:build2304:*:*:*:*:*:*",
              "matchCriteriaId": "CB711A2C-9F84-4462-82C8-296C51CC2F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build4024.0:*:*:*:*:*:*",
              "matchCriteriaId": "BB46CCC9-4BF8-43CC-A382-5287F432DC9B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
    },
    {
      "lang": "es",
      "value": "Cuando un Beckhoff TwinCAT Runtime recibe un paquete UDP con formato incorrecto, el servicio de descubrimiento de ADS se cierra. Tenga en cuenta que los dispositivos TwinCAT siguen funcionando normalmente. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."
    }
  ],
  "id": "CVE-2019-5636",
  "lastModified": "2024-11-21T04:45:16.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-21T20:15:15.897",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-27 19:29
Modified
2024-11-21 03:16
Summary
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user-configured routes that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key that could be extracted by an attacker. A precondition for exploiting this weakness is network access at the moment a route is added.
Impacted products
Vendor Product Version
beckhoff twincat 3.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "934FE489-5AC5-4BD9-B301-25C6FCC14206",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
    },
    {
      "lang": "es",
      "value": "Beckhoff TwinCAT 3 soporta comunicaciones mediante ADS. ADS es un protocolo para la automatizaci\u00f3n industrial en entornos protegidos. Este protocolo emplea rutas configuradas que pueden ser editadas de forma remota mediante ADS. Este comando especial soporta la autenticaci\u00f3n cifrada con un nombre de usuario y una contrase\u00f1a. El cifrado emplea una clave fija que podr\u00eda ser extra\u00edda por un atacante. Una precondici\u00f3n para la explotaci\u00f3n de esta debilidad es contar con acceso de red en el momento en el que se a\u00f1ade una ruta."
    }
  ],
  "id": "CVE-2017-16718",
  "lastModified": "2024-11-21T03:16:50.853",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-27T19:29:00.233",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-16 14:15
Modified
2024-11-21 04:59
Summary
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA181C43-953B-483C-B34E-74089B1F56E2",
              "versionEndIncluding": "3.1.0.3603",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024:*:*:*:*:*:*",
              "matchCriteriaId": "833123D8-C8C4-4F0B-84E4-34149B0FFA67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAD4C9C7-165D-432A-9FB1-00599AB53632",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28813786-BC07-4F45-81DD-6C82E993EBB1",
              "versionEndIncluding": "3.1.0.3512",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4022:*:*:*:*:*:*",
              "matchCriteriaId": "A30C25C0-DF20-4F75-B054-04CB69E4828B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547ei_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "127BA9B4-1AC8-4E2A-B988-A6DB74D94005",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAC8A5E-E88D-446D-8259-3DE668C733BF",
              "versionEndIncluding": "2.11.0.2120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.11:build_2350:*:*:*:*:*:*",
              "matchCriteriaId": "65A29D14-486E-47E4-AEBC-8F1B61AE3C96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82540em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C24972-C85A-4B9D-B49B-64959A3D6EA8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82540ep:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A7B7D2-1889-4B31-A71D-6128D56A1E98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5DE70-0AFB-4C98-B394-CC01ABCC05CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541er:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83789ECA-6CF4-4851-814B-8F3BA1B3C924",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB515EAE-EA1B-4095-B98E-B993DE5478E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82541pi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5722E6B-39F4-4B55-B823-0168E8206685",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544ei:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A17337-9AA4-440C-BBDE-6022FDAB6630",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82544gc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7FC2A9-9EA6-4B40-A768-E0F2E2B0BA01",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545em:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7191B4EF-281A-47C9-9BD0-EC1BA936814A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82545gm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "955D2173-8388-4CD7-8481-05D16F499ED7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546eb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BF5F63-57A5-4794-A8B4-FE38A330FAE9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82546gb:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D6376-7FEC-43C7-AC1B-F5BB0AFACD24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547ei_:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "127BA9B4-1AC8-4E2A-B988-A6DB74D94005",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82547gi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EB8DA28-02A2-4921-BC0A-B4F41CD033BB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2487EF-FA8E-47B7-B64E-C85074E41A5C",
              "versionEndIncluding": "3.1.0.3600",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_402:*:*:*:*:*:*",
              "matchCriteriaId": "DEFD2024-2C25-4CF2-8594-D5FFA6F37D4A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EE5CBB-16DA-4047-B91B-E0EA9A88BF06",
              "versionEndIncluding": "3.1.0.3500",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024:*:*:*:*:*:*",
              "matchCriteriaId": "833123D8-C8C4-4F0B-84E4-34149B0FFA67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B6E51B-FDD5-40F4-BBA7-FF2922696D5E",
              "versionEndIncluding": "2.11.0.2117",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.11:build_2350:*:*:*:*:*:*",
              "matchCriteriaId": "65A29D14-486E-47E4-AEBC-8F1B61AE3C96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:82557:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15B3AE8-CE85-4859-917F-7761D4C7E0EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82558:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEF15ABE-3181-46C6-A77E-01AF0F654E11",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:intel:82559:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E20AD23-1608-4BC4-A3B3-9BF6ED7975DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed; however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
    },
    {
      "lang": "es",
      "value": "El controlador de red TwinCAT RT de Beckhoff para Intel 8254x y 8255x, proporciona la funcionalidad EtherCAT. El controlador implementa caracter\u00edsticas en tiempo real. A excepci\u00f3n de las tramas Ethernet enviadas desde la funcionalidad en tiempo real, todas las dem\u00e1s tramas Ethernet enviadas por medio del controlador no son rellenadas si su carga \u00fatil es menor que el tama\u00f1o m\u00ednimo de trama Ethernet. En su lugar, el contenido de memoria arbitrario es transmitido dentro de los bytes de relleno de la trama. Lo m\u00e1s probable es que esta memoria contenga segmentos de tramas transmitidas o recibidas previamente. Mediante este m\u00e9todo, se revela el contenido de la memoria, sin embargo, un atacante apenas puede controlar qu\u00e9 contenido de la memoria est\u00e1 afectado. Por ejemplo, la divulgaci\u00f3n puede ser provocada con peticiones echo ICMP de peque\u00f1o tama\u00f1o enviadas al dispositivo"
    }
  ],
  "id": "CVE-2020-12494",
  "lastModified": "2024-11-21T04:59:47.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-06-16T14:15:10.977",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-16 14:28
Modified
2025-04-11 00:51
Summary
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
Impacted products
Vendor Product Version
beckhoff twincat *
beckhoff twincat 2.7
beckhoff twincat 2.8
beckhoff twincat 2.9
beckhoff twincat 2.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B92AE1B-8C52-49A7-9E77-D53BF2F97B82",
              "versionEndIncluding": "2.11.0.2004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "193DDD23-9633-4FE3-87E3-CE99A6C5F0EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "47ACBF0A-C4E4-455B-972C-AC5393A4C8F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B6EF62-3FFF-429B-971C-9D6471EFE89B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CAC2548-00B0-4394-A10F-85F28351B2F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
    },
    {
      "lang": "es",
      "value": "Beckhoff TwinCAT 2.11.0.2004 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n modificada al puerto UDP 48899, lo que provoca una lectura fuera de l\u00edmites."
    }
  ],
  "id": "CVE-2011-3486",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-16T14:28:11.950",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/75495"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/75495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-19 21:15
Modified
2024-11-21 04:31
Summary
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
Impacted products
Vendor Product Version
beckhoff twincat *
beckhoff twincat 2.0
beckhoff twincat 3.1 (build_4022)
beckhoff twincat 3.1 (build_4024.0)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CE9CAEF-7BAD-4594-A537-4CC9E4BA16D6",
              "versionEndExcluding": "3.1",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C156F0C-E0B7-42C3-9A0B-64264D0C42DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4022:*:*:*:*:*:*",
              "matchCriteriaId": "A30C25C0-DF20-4F75-B054-04CB69E4828B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build_4024.0:*:*:*:*:*:*",
              "matchCriteriaId": "C2C4531C-B547-4E56-AD4C-E6D65BEFEE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
    },
    {
      "lang": "es",
      "value": "Los PLC Beckhoff Embedded Windows versiones hasta 3.1.4024.0 y Beckhoff Twincat sobre las estaciones de Windows Engineering, permiten a un atacante lograr una ejecuci\u00f3n de c\u00f3digo remota (como SYSTEM) por medio del protocolo ADS de Beckhoff."
    }
  ],
  "id": "CVE-2019-16871",
  "lastModified": "2024-11-21T04:31:14.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-19T21:15:13.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-10-05 10:59
Modified
2025-04-12 10:46
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
Impacted products
Vendor Product Version
beckhoff embedded_pc_images -
beckhoff twincat -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:beckhoff:embedded_pc_images:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27BB7F09-2369-4C2A-9CDB-6469E59EF7E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:beckhoff:twincat:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0324B77D-8923-4C9B-8F06-535FBC758AF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
    },
    {
      "lang": "es",
      "value": "Im\u00e1genes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT podr\u00edan permitir a atacantes remotos obtener acceso a trav\u00e9s de (1) Windows CE Remote Configuration Tool, (2) servicio CE Remote Display o (3) servicio TELNET."
    }
  ],
  "id": "CVE-2014-5415",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 9.4,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T10:59:01.280",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-21 20:15
Modified
2024-11-21 04:45
Summary
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Impacted products
Vendor Product Version
beckhoff twincat 3.1.4022.30
beckhoff twincat_cx2030 -
beckhoff twincat_cx5140 -
beckhoff twincat 3.1.4022.29
beckhoff twincat_cx5140 -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:beckhoff:twincat:3.1.4022.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "477A520F-02A3-4D28-BBF5-C4717C070966",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:beckhoff:twincat_cx2030:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A355A09-C6BE-46DC-833D-F10BB2D6D7F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D140D1-8A39-4AB3-A5B4-354E5A3CE3D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:beckhoff:twincat:3.1.4022.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25AC406-30DE-4D81-A1AE-266919204EA7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D140D1-8A39-4AB3-A5B4-354E5A3CE3D9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
    },
    {
      "lang": "es",
      "value": "Cuando Beckhoff TwinCAT est\u00e1 configurado para usar el controlador Profinet, se puede llegar a una denegaci\u00f3n de servicio del controlador enviando un paquete UDP con formato incorrecto al dispositivo. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."
    }
  ],
  "id": "CVE-2019-5637",
  "lastModified": "2024-11-21T04:45:17.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-21T20:15:15.990",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201610-0667
Vulnerability from variot

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Supplementary information: the vulnerability type has been identified as CWE-254: Security Features (http://cwe.mitre.org/data/definitions/254.html). A third party may gain access through a brute-force attack. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. A remote attacker can exploit the vulnerability to gain access by carrying out a brute-force attack. Multiple Beckhoff products are prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0667",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "embedded pc images",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat",
        "scope": null,
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": null
      },
      {
        "model": "embedded pc images",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "2014-10-22 earlier"
      },
      {
        "model": "embedded pc images",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "2014-10-22"
      },
      {
        "model": "automation device specification twincat components",
        "scope": null,
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "0"
      },
      {
        "model": "embedded pc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "embedded pc images",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "twincat",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:beckhoff:embedded_pc_images",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marko Schuba from FH Aachen University of Applied Sciences.",
    "sources": [
      {
        "db": "BID",
        "id": "93349"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5414",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-5414",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-08763",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-5414",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-5414",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-5414",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-08763",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-015",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlRound robin by a third party (brute-force) Access may be gained through an attack. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. A remote attacker can exploit the vulnerability to gain access by implementing a brute force attack. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5414",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-278-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "93349",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "88E6BECC-FA01-4A7F-98AF-3AFE1A8C3618",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "id": "VAR-201610-0667",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      }
    ],
    "trust": 1.5916666666666668
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:54:26.184000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advisory 2014-002: ADS communication port allows password bruteforce",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-002.pdf"
      },
      {
        "title": "Advisory 2014-003: Recommendation to change default passwords",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-003.pdf"
      },
      {
        "title": "Documentation about IPC Security",
        "trust": 0.8,
        "url": "https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf"
      },
      {
        "title": "Advisory 2014-001: Potential misuse of several administrative services",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-001.pdf"
      },
      {
        "title": "Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Component Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/82315"
      },
      {
        "title": "Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64455"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-278-02"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/93349"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5414"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5414"
      },
      {
        "trust": 0.3,
        "url": "http://www.beckhoff.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-13T00:00:00",
        "db": "IVD",
        "id": "88e6becc-fa01-4a7f-98af-3afe1a8c3618"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "date": "2016-10-04T00:00:00",
        "db": "BID",
        "id": "93349"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "date": "2016-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "date": "2016-10-05T10:59:00.187000",
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08763"
      },
      {
        "date": "2016-10-10T00:04:00",
        "db": "BID",
        "id": "93349"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      },
      {
        "date": "2016-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      },
      {
        "date": "2024-11-21T02:12:00.280000",
        "db": "NVD",
        "id": "CVE-2014-5414"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded PC Images And automation device specifications  TwinCAT Vulnerabilities that can gain access to components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008182"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-015"
      }
    ],
    "trust": 0.6
  }
}

var-201911-0393
Vulnerability from variot

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior). Beckhoff TwinCAT contains a vulnerability related to division by zero. The service may be put into a denial-of-service (DoS) state. Beckhoff TwinCAT is a software system consisting of a real-time environment and a real-time system that executes control programs in the development environment of the German Beckhoff company. This system is mainly used for PLC (Programmable Logic Controller) programming, diagnostics, and system configuration.

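There are security vulnerabilities in Beckhoff TwinCAT 2 Build 2304 and earlier and 3.1 Build 4024.0 and earlier. (The description above gives the TwinCAT 3.1 build as 4204.0; the two figures disagree, so confirm the affected build against the vendor advisory before scoping remediation.)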



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0393",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "3.1.4022.29"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "3.1.4022.30"
      },
      {
        "model": "twincat",
        "scope": null,
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": null
      },
      {
        "model": "twincat build",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "\u003c=22304"
      },
      {
        "model": "twincat build",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "\u003c=3.14024.0"
      },
      {
        "model": "twincat cx5140",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat cx2030",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      }
    ]
  },
  "cve": "CVE-2019-5637",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-5637",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-02830",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-5637",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-012810",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-5637",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "cve@rapid7.com",
            "id": "CVE-2019-5637",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-5637",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-02830",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1270",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior). Beckhoff TwinCAT Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. Beckhoff TwinCAT is a software system consisting of a real-time environment and a real-time system that executes control programs in the development environment of the German Beckhoff company. This system is mainly used for PLC (Programmable Logic Controller) programming, diagnostics, and system configuration. \n\nThere are security vulnerabilities in Beckhoff TwinCAT 2 Build 2304 and earlier and 3.1 Build 4024.0 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-5637",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "id": "VAR-201911-0393",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:11:38.238000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Beckhoff SecurityAdvisory 2019-07: Denial-of-Service on TwinCAT using Profinet protocol",
        "trust": 0.8,
        "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
      },
      {
        "title": "Patch for Beckhoff TwinCAT Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/197593"
      },
      {
        "title": "Beckhoff TwinCAT Fixes for digital error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104684"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-369",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5637"
      },
      {
        "trust": 1.6,
        "url": "https://download.beckhoff.com/download/document/product-security/advisories/advisory-2019-007.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5637"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "date": "2019-11-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "date": "2019-11-21T20:15:15.990000",
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-02830"
      },
      {
        "date": "2019-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      },
      {
        "date": "2020-02-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      },
      {
        "date": "2024-11-21T04:45:17.030000",
        "db": "NVD",
        "id": "CVE-2019-5637"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff TwinCAT Vulnerable to division by zero",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012810"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1270"
      }
    ],
    "trust": 0.6
  }
}

var-201803-2203
Vulnerability from variot

Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Beckhoff TwinCAT system software "remodels" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer dereference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. Beckhoff TwinCAT 2 and 3.1 are vulnerable



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201803-2203",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "beckhoff",
        "version": "3.1"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.11"
      },
      {
        "model": "twincat c\\+\\+",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "3.1"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "2.11 r3 2259"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "3.1"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "3.1 build 4022.4"
      },
      {
        "model": "twincat build",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "\u003c=3.14022.4"
      },
      {
        "model": "twincat r3",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "\u003c=2.112259"
      },
      {
        "model": "twincat c ++/matlab",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "3.1"
      },
      {
        "model": "twincat build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "3.14022.4"
      },
      {
        "model": "twincat build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "3.14022"
      },
      {
        "model": "twincat r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "2.112259"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "2"
      },
      {
        "model": "twincat build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "3.14022.14"
      },
      {
        "model": "twincat r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "2.112300"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "twincat",
        "version": "2.11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "twincat",
        "version": "3.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "twincat c",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Steven Seeley of Source Incite",
    "sources": [
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-7502",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-7502",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-06288",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-7502",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-7502",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-7502",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06288",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201803-837",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-7502",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Beckhoff TwinCAT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Beckhoff TwinCAT system software \\\"remodels\\\" any compatible PC into a real-time controller with a multi-PLC system, NC axis control system, programming environment and operator station, replacing traditional PLC and NC/CNC controllers and operating equipment. There is an untrusted pointer reference vulnerability in TwinCAT. Beckhoff TwinCAT is prone to multiple local privilege-escalation vulnerabilities. \nBeckhoff TwinCAT 2 and 3.1 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7502",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-081-02",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103487",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "39182",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "E2E9BA2E-39AB-11E9-A5B1-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "id": "VAR-201803-2203",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      }
    ],
    "trust": 1.675
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:52:10.477000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advisory 2018-001: TwinCAT 2 and 3.1 Kernel Driver Privilege Escalation",
        "trust": 0.8,
        "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
      },
      {
        "title": "Beckhoff TwinCAT patch for untrusted pointer reference vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/123311"
      },
      {
        "title": "Beckhoff TwinCAT Kernal Fixes for driver permission and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79382"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-822",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-081-02"
      },
      {
        "trust": 2.6,
        "url": "https://download.beckhoff.com/download/document/product-security/advisories/advisory-2018-001.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103487"
      },
      {
        "trust": 1.1,
        "url": "https://srcincite.io/advisories/src-2018-0007/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7502"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7502"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/39182"
      },
      {
        "trust": 0.3,
        "url": "http://beckhoff.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-26T00:00:00",
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "date": "2018-03-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "BID",
        "id": "103487"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "date": "2018-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "date": "2018-03-23T17:29:00.213000",
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-7502"
      },
      {
        "date": "2018-03-22T00:00:00",
        "db": "BID",
        "id": "103487"
      },
      {
        "date": "2018-05-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003449"
      },
      {
        "date": "2018-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      },
      {
        "date": "2024-11-21T04:12:15.373000",
        "db": "NVD",
        "id": "CVE-2018-7502"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff TwinCAT Untrusted Pointer Reference Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06288"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e9ba2e-39ab-11e9-a5b1-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201803-837"
      }
    ],
    "trust": 0.8
  }
}

var-201912-1212
Vulnerability from variot

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. Beckhoff Embedded Windows PLCs and Beckhoff Twincat contain an input validation vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) condition may result. Beckhoff TwinCAT is a set of programming software for programmable logic controllers (PLCs) from the German company Beckhoff.

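There is a security vulnerability in Beckhoff TwinCAT 2/3. An attacker could use the Beckhoff ADS protocol to exploit this vulnerability to execute code with SYSTEM permissions. The patch entry in this record points to Beckhoff Advisory 2017-001, "ADS is only designed for use in protected environments"; going by that title, the vendor's guidance is to expose ADS only inside protected networks.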



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1212",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "3.1"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.0"
      },
      {
        "model": "twincat",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "beckhoff",
        "version": "3.1"
      },
      {
        "model": "twincat",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "beckhoff",
        "version": "3.0"
      },
      {
        "model": "twincat",
        "scope": null,
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": null
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "2/3"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      }
    ]
  },
  "cve": "CVE-2019-16871",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-16871",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-03120",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-16871",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-16871",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-16871",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-16871",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-03120",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-943",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. Beckhoff Embedded Windows PLCs and Beckhoff Twincat Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Beckhoff TwinCAT is a set of programming software for programmable logic controllers (PLCs) from the German company Beckhoff. \n\nThere are security holes in Beckhoff TwinCAT 2/3. An attacker could use the Beckhoff ADS protocol to exploit this vulnerability to execute code with SYSTEM permissions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-16871",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "id": "VAR-201912-1212",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:51:32.556000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advisory 2017-001: ADS is only designed for use in protected environments",
        "trust": 0.8,
        "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-290",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://download.beckhoff.com/download/document/product-security/advisories/advisory-2017-001.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16871"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16871"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "date": "2020-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "date": "2019-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "date": "2019-12-19T21:15:13.573000",
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-03120"
      },
      {
        "date": "2020-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      },
      {
        "date": "2020-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      },
      {
        "date": "2024-11-21T04:31:14.783000",
        "db": "NVD",
        "id": "CVE-2019-16871"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded Windows PLCs and  Beckhoff Twincat Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013949"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-943"
      }
    ],
    "trust": 0.6
  }
}

var-201109-0179
Vulnerability from variot

Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read. Beckhoff TwinCAT is a PC-based software solution that provides complete CNC functionality. TwinCAT is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, denying service to legitimate users. TwinCAT 2.11 R2 Build 2032 is vulnerable. Other versions may also be affected



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201109-0179",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.8"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.10"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.7"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": "2.9"
      },
      {
        "model": "twincat",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "beckhoff",
        "version": "2.11.0.2004"
      },
      {
        "model": "automation twincat r2 build",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "beckhoff",
        "version": "2.112032"
      },
      {
        "model": "twincat",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "2.11.0.2004"
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "2.11.0.2004"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": "2.7"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": "2.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": "2.9"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": "2.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Luigi Auriemma",
    "sources": [
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-3486",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-3486",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "a550703a-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-3486",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-3486",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201109-259",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "a550703a-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read. Beckhoff TwinCAT is a PC-based software solution that provides complete CNC functionality. TwinCAT is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the application, denying service to legitimate users. \nTwinCAT 2.11 R2 Build 2032 is vulnerable. Other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-3486",
        "trust": 3.1
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-11-256-06",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "49599",
        "trust": 1.5
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259",
        "trust": 1.0
      },
      {
        "db": "SREASON",
        "id": "8380",
        "trust": 1.0
      },
      {
        "db": "OSVDB",
        "id": "75495",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "69BC2D86-1F88-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "A550703A-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "id": "VAR-201109-0179",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:56:49.805000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TwinCAT",
        "trust": 0.8,
        "url": "http://www.beckhoff.de/twincat/"
      },
      {
        "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831",
        "trust": 0.8,
        "url": "http://www.kmecs.com/products/maker_cgl.cgi?id=7"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.beckhoff.co.jp/jp/default.htm?beckhoff/contact.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-256-06.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.us-cert.gov/control_systems/pdf/ics-11-279-04.pdf"
      },
      {
        "trust": 1.0,
        "url": "http://securityreason.com/securityalert/8380"
      },
      {
        "trust": 1.0,
        "url": "http://osvdb.org/75495"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3486"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3486"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/49599"
      },
      {
        "trust": 0.3,
        "url": "http://www.beckhoff.de/english.asp?twincat/default.htm"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "date": "2011-09-13T00:00:00",
        "db": "BID",
        "id": "49599"
      },
      {
        "date": "2011-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "date": "2011-09-16T14:28:11.950000",
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-3654"
      },
      {
        "date": "2011-10-11T17:00:00",
        "db": "BID",
        "id": "49599"
      },
      {
        "date": "2012-02-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002269"
      },
      {
        "date": "2011-09-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "date": "2011-09-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      },
      {
        "date": "2024-11-21T01:30:34.403000",
        "db": "NVD",
        "id": "CVE-2011-3486"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TwinCAT \u0027TCATSysSrv.exe\u0027 Network Packet Denial of Service Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "49599"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-194"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "69bc2d86-1f88-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "a550703a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201109-259"
      }
    ],
    "trust": 1.0
  }
}

var-201610-0668
Vulnerability from variot

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. Automation Device Specification (ADS) TwinCAT Components is a PC real-time controller software product. Beckhoff Embedded PC images have a security vulnerability in versions prior to 2014-10-22 and in the Automation Device Specification TwinCAT component. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0668",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "embedded pc images",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": "twincat",
        "scope": null,
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": null
      },
      {
        "model": "embedded pc images",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "beckhoff automation",
        "version": "2014-10-22 earlier"
      },
      {
        "model": "embedded pc images",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": "2014-10-22"
      },
      {
        "model": "automation device specification twincat components",
        "scope": null,
        "trust": 0.6,
        "vendor": "beckhoff",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "embedded pc images",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "twincat",
        "version": null
      },
      {
        "model": "twincat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "0"
      },
      {
        "model": "embedded pc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "beckhoff",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:beckhoff:twincat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:beckhoff:embedded_pc_images",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marko Schuba from FH Aachen University of Applied Sciences.",
    "sources": [
      {
        "db": "BID",
        "id": "93349"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-5415",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-5415",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-08764",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d722f71-463f-11e9-8b02-000c29342cb1",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2014-5415",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-5415",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-5415",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-08764",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-014",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d722f71-463f-11e9-8b02-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. Automation Device Specification (ADS) TwinCAT Components is a PC real-time controller software product. Beckhoff Embedded PC images have a security vulnerability in versions prior to 2014-10-22 and in the Automation Device Specification TwinCAT component. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5415",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-278-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "93349",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D722F71-463F-11E9-8B02-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "0E4C5094-4469-481E-B710-FF49B9BC9BF0",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "id": "VAR-201610-0668",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      }
    ],
    "trust": 1.7916666666666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:54:26.144000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Advisory 2014-002: ADS communication port allows password bruteforce",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-002.pdf"
      },
      {
        "title": "Advisory 2014-003: Recommendation to change default passwords",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-003.pdf"
      },
      {
        "title": "Documentation about IPC Security",
        "trust": 0.8,
        "url": "https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf"
      },
      {
        "title": "Advisory 2014-001: Potential misuse of several administrative services",
        "trust": 0.8,
        "url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-001.pdf"
      },
      {
        "title": "Patch for Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Component Security Bypass Vulnerability (CNVD-2016-08764)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/82316"
      },
      {
        "title": "Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64454"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-278-02"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/93349"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5415"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5415"
      },
      {
        "trust": 0.3,
        "url": "http://www.beckhoff.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "db": "BID",
        "id": "93349"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-13T00:00:00",
        "db": "IVD",
        "id": "7d722f71-463f-11e9-8b02-000c29342cb1"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "IVD",
        "id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "date": "2016-10-04T00:00:00",
        "db": "BID",
        "id": "93349"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "date": "2016-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "date": "2016-10-05T10:59:01.280000",
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-08764"
      },
      {
        "date": "2016-10-10T00:04:00",
        "db": "BID",
        "id": "93349"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      },
      {
        "date": "2016-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      },
      {
        "date": "2024-11-21T02:12:00.403000",
        "db": "NVD",
        "id": "CVE-2014-5415"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Beckhoff Embedded PC Images And automation device specifications  TwinCAT Vulnerabilities that can gain access to components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008183"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-014"
      }
    ],
    "trust": 0.6
  }
}

CVE-2019-5637 (GCVE-0-2019-5637)
Vulnerability from cvelistv5
Published
2019-11-21 19:16
Modified
2024-09-17 01:35
CWE
  • CWE-369 - Divide By Zero
Summary
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TwinCAT 2",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "2304",
              "status": "affected",
              "version": "2304",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TwinCAT 3.1",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "4204.0",
              "status": "affected",
              "version": "4204.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
        }
      ],
      "datePublic": "2019-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-369",
              "description": "CWE-369 Divide By Zero",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T22:58:40",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
        }
      ],
      "source": {
        "advisory": "R7-2019-32",
        "discovery": "EXTERNAL"
      },
      "title": "Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-10-08T14:05:00.000Z",
          "ID": "CVE-2019-5637",
          "STATE": "PUBLIC",
          "TITLE": "Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TwinCAT 2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2304",
                            "version_value": "2304"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TwinCAT 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4204.0",
                            "version_value": "4204.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Beckhoff"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-369 Divide By Zero"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/",
              "refsource": "MISC",
              "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
            },
            {
              "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf",
              "refsource": "CONFIRM",
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf"
            }
          ]
        },
        "source": {
          "advisory": "R7-2019-32",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5637",
    "datePublished": "2019-11-21T19:16:13.344360Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T01:35:41.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5636 (GCVE-0-2019-5636)
Vulnerability from cvelistv5
Published
2019-11-21 19:16
Modified
2024-09-17 03:18
CWE
  • CWE-404 - Improper Resource Shutdown or Release
Summary
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TwinCAT 2",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "2304",
              "status": "affected",
              "version": "2304",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TwinCAT 3.1",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "4204.0",
              "status": "affected",
              "version": "4204.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
        }
      ],
      "datePublic": "2019-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Improper Resource Shutdown or Release",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T22:58:40",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
        }
      ],
      "source": {
        "advisory": "R7-2019-32",
        "discovery": "EXTERNAL"
      },
      "title": "Beckhoff TwinCAT Discovery Service Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-10-08T14:05:00.000Z",
          "ID": "CVE-2019-5636",
          "STATE": "PUBLIC",
          "TITLE": "Beckhoff TwinCAT Discovery Service Denial of Service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TwinCAT 2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2304",
                            "version_value": "2304"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TwinCAT 3.1",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4204.0",
                            "version_value": "4204.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Beckhoff"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-404 Improper Resource Shutdown or Release"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf",
              "refsource": "CONFIRM",
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"
            },
            {
              "name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/",
              "refsource": "MISC",
              "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"
            }
          ]
        },
        "source": {
          "advisory": "R7-2019-32",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5636",
    "datePublished": "2019-11-21T19:16:12.913139Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T03:18:42.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3486 (GCVE-0-2011-3486)
Vulnerability from cvelistv5
Published
2011-09-16 14:00
Modified
2024-08-06 23:37
Severity ?
CWE
  • n/a
Summary
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
Impacted products
Vendor Product Version
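n/a n/a Version: n/a (the record's structured affected-product fields are unpopulated; the affected versions are stated only in the Summary text)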


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "twincat-datagram-dos(69765)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
          },
          {
            "name": "8380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8380"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
          },
          {
            "name": "75495",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/75495"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "twincat-datagram-dos(69765)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
        },
        {
          "name": "8380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8380"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
        },
        {
          "name": "75495",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/75495"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3486",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "twincat-datagram-dos(69765)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69765"
            },
            {
              "name": "8380",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8380"
            },
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf",
              "refsource": "MISC",
              "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf"
            },
            {
              "name": "75495",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/75495"
            },
            {
              "name": "http://aluigi.altervista.org/adv/twincat_1-adv.txt",
              "refsource": "MISC",
              "url": "http://aluigi.altervista.org/adv/twincat_1-adv.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3486",
    "datePublished": "2011-09-16T14:00:00",
    "dateReserved": "2011-09-16T00:00:00",
    "dateUpdated": "2024-08-06T23:37:47.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16871 (GCVE-0-2019-16871)
Vulnerability from cvelistv5
Published
2019-12-19 20:42
Modified
2024-08-05 01:24
Severity ?
CWE
  • n/a
Summary
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
Impacted products
Vendor Product Version
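n/a n/a Version: n/a (the record's structured affected-product fields are unpopulated; the affected products and versions are stated only in the Summary text)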


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:47.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-19T20:42:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648",
              "refsource": "MISC",
              "url": "https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648"
            },
            {
              "name": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf",
              "refsource": "CONFIRM",
              "url": "https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16871",
    "datePublished": "2019-12-19T20:42:28",
    "dateReserved": "2019-09-25T00:00:00",
    "dateUpdated": "2024-08-05T01:24:47.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5415 (GCVE-0-2014-5415)
Vulnerability from cvelistv5
Published
2016-10-05 10:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93349",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "93349",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5415",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93349",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93349"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5415",
    "datePublished": "2016-10-05T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16718 (GCVE-0-2017-16718)
Vulnerability from cvelistv5
Published
2018-06-27 19:00
Modified
2024-09-16 17:28
Severity ?
CWE
  • CWE-522 - Insufficiently Protected Credentials
Summary
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
Impacted products
Vendor Product Version
ICS-CERT Beckhoff TwinCAT Version: Version 3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:20.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Beckhoff TwinCAT",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3"
            }
          ]
        }
      ],
      "datePublic": "2018-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "Insufficiently Protected Credentials CWE-522",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-27T18:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-06-27T00:00:00",
          "ID": "CVE-2017-16718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Beckhoff TwinCAT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficiently Protected Credentials CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf",
              "refsource": "MISC",
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-16718",
    "datePublished": "2018-06-27T19:00:00Z",
    "dateReserved": "2017-11-09T00:00:00",
    "dateUpdated": "2024-09-16T17:28:00.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-16726 (GCVE-0-2017-16726)
Vulnerability from cvelistv5
Published
2018-06-27 19:00
Modified
2024-09-16 17:08
Severity ?
CWE
  • CWE-285 - Improper Authorization
Summary
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
Impacted products
Vendor Product Version
ICS-CERT Beckhoff TwinCAT Version: Version 2, Version 3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:20.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Beckhoff TwinCAT",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "Version 2, Version 3"
            }
          ]
        }
      ],
      "datePublic": "2018-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization CWE-285",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-03T15:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-06-27T00:00:00",
          "ID": "CVE-2017-16726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Beckhoff TwinCAT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 2, Version 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authorization CWE-285"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf",
              "refsource": "MISC",
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-16726",
    "datePublished": "2018-06-27T19:00:00Z",
    "dateReserved": "2017-11-09T00:00:00",
    "dateUpdated": "2024-09-16T17:08:08.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5414 (GCVE-0-2014-5414)
Vulnerability from cvelistv5
Published
2016-10-05 10:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93349",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93349"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "93349",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93349"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93349",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93349"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-5414",
    "datePublished": "2016-10-05T10:00:00",
    "dateReserved": "2014-08-22T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-7502 (GCVE-0-2018-7502)
Vulnerability from cvelistv5
Published
2018-03-23 17:00
Modified
2024-09-16 17:14
Severity ?
CWE
  • CWE-822 - Untrusted Pointer Dereference
Summary
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Impacted products
Vendor Product Version
ICS-CERT Beckhoff TwinCAT PLC products Version: TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://srcincite.io/advisories/src-2018-0007/"
          },
          {
            "name": "103487",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103487"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Beckhoff TwinCAT PLC products",
          "vendor": "ICS-CERT",
          "versions": [
            {
              "status": "affected",
              "version": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
            }
          ]
        }
      ],
      "datePublic": "2018-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "Untrusted Pointer Dereference CWE-822",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-22T19:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://srcincite.io/advisories/src-2018-0007/"
        },
        {
          "name": "103487",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103487"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-03-22T00:00:00",
          "ID": "CVE-2018-7502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Beckhoff TwinCAT PLC products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, TwinCAT 3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ICS-CERT"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted Pointer Dereference CWE-822"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://srcincite.io/advisories/src-2018-0007/",
              "refsource": "MISC",
              "url": "https://srcincite.io/advisories/src-2018-0007/"
            },
            {
              "name": "103487",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103487"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02"
            },
            {
              "name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf",
              "refsource": "CONFIRM",
              "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-7502",
    "datePublished": "2018-03-23T17:00:00Z",
    "dateReserved": "2018-02-26T00:00:00",
    "dateUpdated": "2024-09-16T17:14:23.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12494 (GCVE-0-2020-12494)
Vulnerability from cvelistv5
Published
2020-06-16 13:28
Modified
2024-08-04 11:56
CWE
Summary
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
References
Impacted products
Vendor Product Version
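Beckhoff TwinCat Driver for Intel 8254x (Tcl8254x.sys) Version: unspecified   <= 3.1.0.3603 for TwinCAT 3.1 4024
Version: unspecified   <= 3.1.0.3512 for TwinCAT 3.1 4022
Version: unspecified   <= 2.11.0.2120 for TwinCAT 2.11 2350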
   Beckhoff TwinCat Driver for Intel 8255x (Tcl8255x.sys) Version: unspecified   <= 3.1.0.3600 for TwinCAT 3.1 4024
Version: unspecified   <= 3.1.0.3500 for TwinCAT 3.1 4024
Version: unspecified   <


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:56:52.090Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TwinCat Driver for Intel 8254x (Tcl8254x.sys)",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "3.1.0.3603 for TwinCAT 3.1 4024",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.0.3512 for TwinCAT 3.1 4022",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.11.0.2120 for TwinCAT 2.11 2350",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "TwinCat Driver for Intel 8255x (Tcl8255x.sys)",
          "vendor": "Beckhoff",
          "versions": [
            {
              "lessThanOrEqual": "3.1.0.3600 for TwinCAT 3.1 4024",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.1.0.3500 for TwinCAT 3.1 4024",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.11.0.2117 for TwinCAT 2.11 2350",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Beckhoff reported this vulnerability to CERT@VDE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-459",
              "description": "CWE-459 Incomplete Cleanup",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-19T12:29:17",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
        }
      ],
      "source": {
        "advisory": "VDE-2020-019",
        "discovery": "UNKNOWN"
      },
      "title": "Beckhoff: Etherleak in TwinCAT RT network driver",
      "workarounds": [
        {
          "lang": "en",
          "value": "If no real-time communication from TwinCAT is required on the Ethernet interface, then users can alternatively re-configure them to use the Intel \u00ae driver, which is shipped with Beckhoff images.\nCustomers should configure a perimeter firewall to block traffic from untrusted networks to the device, especially regarding ICMP and other small ethernet frames.\nBeckhoff offers software patches for TwinCAT 3.1 and TwinCAT 2.11 on request. These patches will be included in the the next regular releases to the affected software versions. The advisory will be updated upon availability."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "CERT@VDE",
          "ASSIGNER": "info@cert.vde.com",
          "ID": "CVE-2020-12494",
          "STATE": "PUBLIC",
          "TITLE": "Beckhoff: Etherleak in TwinCAT RT network driver"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TwinCat Driver for Intel 8254x (Tcl8254x.sys)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.1.0.3603 for TwinCAT 3.1 4024"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.1.0.3512 for TwinCAT 3.1 4022"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.11.0.2120 for TwinCAT 2.11 2350"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TwinCat Driver for Intel 8255x (Tcl8255x.sys)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.1.0.3600 for TwinCAT 3.1 4024"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.1.0.3500 for TwinCAT 3.1 4024"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.11.0.2117 for TwinCAT 2.11 2350"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Beckhoff"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Beckhoff reported this vulnerability to CERT@VDE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Beckhoff\u0027s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-459 Incomplete Cleanup"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2020-019",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2020-019"
            }
          ]
        },
        "source": {
          "advisory": "VDE-2020-019",
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If no real-time communication from TwinCAT is required on the Ethernet interface, then users can alternatively re-configure them to use the Intel \u00ae driver, which is shipped with Beckhoff images.\nCustomers should configure a perimeter firewall to block traffic from untrusted networks to the device, especially regarding ICMP and other small ethernet frames.\nBeckhoff offers software patches for TwinCAT 3.1 and TwinCAT 2.11 on request. These patches will be included in the the next regular releases to the affected software versions. The advisory will be updated upon availability."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2020-12494",
    "datePublished": "2020-06-16T13:28:38",
    "dateReserved": "2020-04-30T00:00:00",
    "dateUpdated": "2024-08-04T11:56:52.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}