#VU29534 Information disclosure in TwinCAT - CVE-2020-12494

 


Published: July 6, 2020


Vulnerability identifier: #VU29534
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-12494
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: TwinCAT
Software vendor: Beckhoff

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the TwinCAT RT network driver for Intel 8254x and 8255x does not properly construct frames whose payload is less than the minimum Ethernet frame size. As a result, arbitrary system memory contents are transmitted in the padding bytes of the frame.
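
A defender can check captured traffic for this condition by locating the padding of short frames and testing whether it is all zeros. The following is an added example, not vendor or advisory code; the function names and the sample frames are constructed for illustration, and frames are assumed to be captured without the 4-byte FCS.

```python
import struct

ETH_HDR = 14  # destination MAC + source MAC + EtherType

def padding_of(frame: bytes) -> bytes:
    """Return the pad bytes that follow the payload of a captured frame."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    offset = ETH_HDR
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == 0x8100:  # 802.1Q tag: the real EtherType sits 4 bytes later
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    body = frame[offset:]
    if ethertype == 0x0800 and len(body) >= 20:   # IPv4: total-length field
        (payload_len,) = struct.unpack("!H", body[2:4])
    elif ethertype == 0x0806 and len(body) >= 8:  # ARP: 8 + 2 * (hlen + plen)
        payload_len = 8 + 2 * (body[4] + body[5])
    elif ethertype <= 1500:                       # 802.3 length field
        payload_len = ethertype
    else:
        return b""  # payload length unknown, padding cannot be located
    if payload_len > len(body):
        raise ValueError("declared payload longer than captured frame")
    return body[payload_len:]

def has_nonzero_padding(frame: bytes) -> bool:
    """True when any pad byte is non-zero, the symptom this advisory describes."""
    return any(padding_of(frame))

def sample_arp_frame(pad: bytes) -> bytes:
    """Constructed ARP request (42 bytes) followed by the given padding."""
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    eth = b"\xff" * 6 + src + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src
           + bytes([192, 0, 2, 1]) + b"\x00" * 6 + bytes([192, 0, 2, 2]))
    return eth + arp + pad

# Constructed samples: 18 pad bytes bring the 42-byte ARP frame up to 60 bytes.
CLEAN_FRAME = sample_arp_frame(b"\x00" * 18)
DIRTY_FRAME = sample_arp_frame(b"constructed-bytes!")

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN_FRAME), ("dirty", DIRTY_FRAME)):
        print(name, has_nonzero_padding(frame), padding_of(frame).hex())
```

Run the check on frames captured on the wire or at the receiver, since a capture taken on the sending host usually sees the frame before padding is applied.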


Remediation

Contact your vendor to obtain patches.
