3.1.4022.30

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

beckhoff

CWE-369

NVD

Published: 2019-11-21

Updated: 2020-02-04

Summary

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Vulnerable Configurations

Part	Description	Count
OS	Beckhoff Beckhoff Twincat 3.1.4022.30 Beckhoff Twincat 3.1.4022.29	2
Hardware	Beckhoff Beckhoff Twincat Cx2030 - Beckhoff Twincat Cx5140 -	2

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

References

https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf