Main Vulnerability Database Vulnerabilities #VU34950

Input validation error in TwinCAT - CVE-2019-16871

Published: December 19, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU34950

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-16871

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Beckhoff

Affected software:
TwinCAT

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

How to mitigate CVE-2019-16871

Install update from vendor's website.

Sources

https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf
https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648

Input validation error in TwinCAT - CVE-2019-16871

Detailed vulnerability description

How to mitigate CVE-2019-16871

Sources

Please verify you're human