CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16718
https://notcve.org/view.php?id=CVE-2017-16718
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. • https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-7502
https://notcve.org/view.php?id=CVE-2018-7502
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges. Los controladores del kernel en Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259 y TwinCAT 3.1 no validan correctamente los valores de puntero proporcionados por el usuario. Un atacante que pueda ejecutar código en el objetivo podría explotar esta vulnerabilidad para obtener privilegios SYSTEM. • http://www.securityfocus.com/bid/103487 https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2018-001.pdf https://ics-cert.us-cert.gov/advisories/ICSA-18-081-02 https://srcincite.io/advisories/src-2018-0007 • CWE-20: Improper Input Validation CWE-822: Untrusted Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5414
https://notcve.org/view.php?id=CVE-2014-5414
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Imágenes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT no restringen el número de intentos de autenticación, lo que hace más fácil para atacantes remotos obtener acceso a través de un ataque de fuerza bruta. • http://www.securityfocus.com/bid/93349 https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 • CWE-254: 7PK - Security Features •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5415
https://notcve.org/view.php?id=CVE-2014-5415
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Imágenes Beckhoff Embedded PC en versiones anteriores a 22-10-2014 y componentes Automation Device Specification (ADS) TwinCAT podrían permitir a atacantes remotos obtener acceso a través de (1) Windows CE Remote Configuration Tool, (2) servicio CE Remote Display o (3) servicio TELNET. • http://www.securityfocus.com/bid/93349 https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 2%CPEs: 1EXPL: 2CVE-2015-4051 – Beckoff CX9020 CPU Model Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-4051
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. Beckhoff IPC Diagnostics anterior a 1.8 no restringe correctamente el acceso a funciones en /config, lo que permite a atacantes remotos causar una denegación de servicio (reinicio o cierre), crear usuarios arbitrarios o posiblemente tener otro impacto no especificado a través de una solicitud manipulada, tal y como fue demostrado por una acción SOAP beckhoff.com:service:cxconfig:1#Write en /upnpisapi. Beckhoff IPC Diagnostics versions prior to 1.8 suffer from an authentication bypass vulnerability. • http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2015/Jun/10 http://www.securityfocus.com/bid/75042 http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html • CWE-284: Improper Access Control •