Vulnerabilities > CVE-2014-5414 - 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

beckhoff

CWE-254

critical

NVD

Published: 2016-10-05

Updated: 2016-11-28

Summary

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Beckhoff Beckhoff Embedded PC Images - Beckhoff Twincat -	2

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02
http://www.securityfocus.com/bid/93349