Vulnerabilities > Beckhoff

DATE CVE VULNERABILITY TITLE RISK
2021-11-04 CVE-2021-34594 Path Traversal vulnerability in Beckhoff Tf6100 Firmware and Ts6100 Firmware
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.
network
low complexity
beckhoff CWE-22
8.5
2021-07-23 CVE-2020-20741 Unspecified vulnerability in Beckhoff Cx9020 6.02
Incorrect Access Control in Beckhoff Automation GmbH & Co.
network
low complexity
beckhoff
7.5
2021-05-13 CVE-2020-12526 Improper Input Validation vulnerability in Beckhoff products
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co.
network
low complexity
beckhoff CWE-20
5.0
2020-11-19 CVE-2020-12510 Incorrect Default Permissions vulnerability in Beckhoff Twincat Extended Automation Runtime 3.1
The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT.
network
beckhoff CWE-276
6.0
2020-06-16 CVE-2020-12494 Incomplete Cleanup vulnerability in Beckhoff Twincat and Twincat Driver
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality.
network
low complexity
beckhoff CWE-459
5.0
2020-03-12 CVE-2020-9464 Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000.
network
low complexity
beckhoff CWE-400
7.8
2019-12-19 CVE-2019-16871 Improper Input Validation vulnerability in Beckhoff Twincat 2.0/3.0/3.1
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
network
beckhoff CWE-20
critical
9.3
2019-11-21 CVE-2019-5637 Divide By Zero vulnerability in Beckhoff Twincat 3.1.4022.29/3.1.4022.30
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device.
network
low complexity
beckhoff CWE-369
5.0
2019-11-21 CVE-2019-5636 Improper Resource Shutdown or Release vulnerability in Beckhoff Twincat 2.0/3.1
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down.
network
low complexity
beckhoff CWE-404
5.0
2018-06-27 CVE-2017-16726 Inadequate Encryption Strength vulnerability in Beckhoff Twincat
Beckhoff TwinCAT supports communication over ADS.
network
low complexity
beckhoff CWE-326
6.4