var-201610-0668
Vulnerability from variot
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. Automation Device Specification (ADS) TwinCAT Components is a PC real-time controller software product. Beckhoff Embedded PC images have a security vulnerability in versions prior to 2014-10-22 and in the Automation Device Specificatios TwinCAT component. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0668",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "embedded pc images",
"scope": "eq",
"trust": 1.6,
"vendor": "beckhoff",
"version": null
},
{
"model": "twincat",
"scope": "eq",
"trust": 1.6,
"vendor": "beckhoff",
"version": null
},
{
"model": "twincat",
"scope": null,
"trust": 0.8,
"vendor": "beckhoff automation",
"version": null
},
{
"model": "embedded pc images",
"scope": "lt",
"trust": 0.8,
"vendor": "beckhoff automation",
"version": "2014-10-22 earlier"
},
{
"model": "embedded pc images",
"scope": "lt",
"trust": 0.6,
"vendor": "beckhoff",
"version": "2014-10-22"
},
{
"model": "automation device specification twincat components",
"scope": null,
"trust": 0.6,
"vendor": "beckhoff",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "embedded pc images",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "twincat",
"version": null
},
{
"model": "twincat",
"scope": "eq",
"trust": 0.3,
"vendor": "beckhoff",
"version": "0"
},
{
"model": "embedded pc",
"scope": "eq",
"trust": 0.3,
"vendor": "beckhoff",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "BID",
"id": "93349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:beckhoff:twincat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:beckhoff:embedded_pc_images",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marko Schuba from FH Aachen University of Applied Sciences.",
"sources": [
{
"db": "BID",
"id": "93349"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5415",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5415",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-08764",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7d722f71-463f-11e9-8b02-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-5415",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5415",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-5415",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-08764",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-014",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. Automation Device Specification (ADS) TwinCAT Components is a PC real-time controller software product. Beckhoff Embedded PC images have a security vulnerability in versions prior to 2014-10-22 and in the Automation Device Specificatios TwinCAT component. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. \nSuccessfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5415"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "BID",
"id": "93349"
},
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5415",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-16-278-02",
"trust": 3.3
},
{
"db": "BID",
"id": "93349",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2016-08764",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D722F71-463F-11E9-8B02-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "0E4C5094-4469-481E-B710-FF49B9BC9BF0",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "BID",
"id": "93349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"id": "VAR-201610-0668",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
}
],
"trust": 1.7916666666666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
}
]
},
"last_update_date": "2024-11-23T21:54:26.144000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory 2014-002: ADS communication port allows password bruteforce",
"trust": 0.8,
"url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-002.pdf"
},
{
"title": "Advisory 2014-003: Recommendation to change default passwords",
"trust": 0.8,
"url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-003.pdf"
},
{
"title": "Documentation about IPC Security",
"trust": 0.8,
"url": "https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf"
},
{
"title": "Advisory 2014-001: Potential misuse of several administrative services",
"trust": 0.8,
"url": "http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-001.pdf"
},
{
"title": "Patch for Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Component Security Bypass Vulnerability (CNVD-2016-08764)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82316"
},
{
"title": "Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64454"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-278-02"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/93349"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5415"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5415"
},
{
"trust": 0.3,
"url": "http://www.beckhoff.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "BID",
"id": "93349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"db": "BID",
"id": "93349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "IVD",
"id": "7d722f71-463f-11e9-8b02-000c29342cb1"
},
{
"date": "2016-10-13T00:00:00",
"db": "IVD",
"id": "0e4c5094-4469-481e-b710-ff49b9bc9bf0"
},
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"date": "2016-10-04T00:00:00",
"db": "BID",
"id": "93349"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"date": "2016-10-05T10:59:01.280000",
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08764"
},
{
"date": "2016-10-10T00:04:00",
"db": "BID",
"id": "93349"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008183"
},
{
"date": "2016-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-014"
},
{
"date": "2024-11-21T02:12:00.403000",
"db": "NVD",
"id": "CVE-2014-5415"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Beckhoff Embedded PC Images And automation device specifications TwinCAT Vulnerabilities that can gain access to components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008183"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-014"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…