CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41175 – Beckhoff: Local Denial-of-Service vulnerability in TwinCAT/BSD and the IPC-Diagnostics package
https://notcve.org/view.php?id=CVE-2024-41175
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-049 https://infosys.beckhoff.com/content/1033/twincat_bsd/11780818443.html?id=4222392218353411614 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41174 – Beckhoff: Improper input neutralization vulnerability in the IPC-Diagnostics package in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41174
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. • https://cert.vde.com/en/advisories/VDE-2024-048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41173 – Beckhoff: Local authentication bypass in the IPC-Diagnostics package included in TwinCAT/BSD
https://notcve.org/view.php?id=CVE-2024-41173
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. • https://cert.vde.com/en/advisories/VDE-2024-045 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12526 – BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server
https://notcve.org/view.php?id=CVE-2020-12526
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs. • https://cert.vde.com/en-us/advisories/vde-2020-051 https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 2CVE-2015-4051 – Beckoff CX9020 CPU Model Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-4051
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. Beckhoff IPC Diagnostics anterior a 1.8 no restringe correctamente el acceso a funciones en /config, lo que permite a atacantes remotos causar una denegación de servicio (reinicio o cierre), crear usuarios arbitrarios o posiblemente tener otro impacto no especificado a través de una solicitud manipulada, tal y como fue demostrado por una acción SOAP beckhoff.com:service:cxconfig:1#Write en /upnpisapi. Beckhoff IPC Diagnostics versions prior to 1.8 suffer from an authentication bypass vulnerability. • http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2015/Jun/10 http://www.securityfocus.com/bid/75042 http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html • CWE-284: Improper Access Control •