// For flags

CVE-2015-4051

Beckoff CX9020 CPU Model Remote Code Execution

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

Beckhoff IPC Diagnostics anterior a 1.8 no restringe correctamente el acceso a funciones en /config, lo que permite a atacantes remotos causar una denegación de servicio (reinicio o cierre), crear usuarios arbitrarios o posiblemente tener otro impacto no especificado a través de una solicitud manipulada, tal y como fue demostrado por una acción SOAP beckhoff.com:service:cxconfig:1#Write en /upnpisapi.

Beckhoff IPC Diagnostics versions prior to 1.8 suffer from an authentication bypass vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-05-21 CVE Reserved
  • 2015-06-05 CVE Published
  • 2023-09-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Beckhoff
Search vendor "Beckhoff"
 Ipc Diagnostics
Search vendor "Beckhoff" for product "Ipc Diagnostics"
 <= 1.7
Search vendor "Beckhoff" for product "Ipc Diagnostics" and version " <= 1.7"
-
Affected