SB2019112150 - Multiple vulnerabilities in Beckhoff TwinCAT
Published: November 21, 2019 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-16871)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
2) Improper Resource Shutdown or Release (CVE-ID: CVE-2019-5636)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Remediation
Install update from vendor's website.
References
- https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf
- https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648
- https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
- https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf