Main Vulnerability Database Vulnerabilities #VU34950

#VU34950 Input validation error in TwinCAT - CVE-2019-16871

Published: December 19, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU34950

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-16871

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TwinCAT

Software vendor:
Beckhoff

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

Remediation

Install update from vendor's website.

External links

https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf
https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648

#VU34950 Input validation error in TwinCAT - CVE-2019-16871

Description

Remediation

External links

Please verify you're human