Vulnerabilities > Beckhoff
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-6545 | Open Redirect vulnerability in Beckhoff Authelia-Bhf The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. | 4.7 |
| 2021-11-04 | CVE-2021-34594 | Path Traversal vulnerability in Beckhoff Tf6100 Firmware and Ts6100 Firmware TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system. | 8.5 |
| 2021-07-23 | CVE-2020-20741 | Unspecified vulnerability in Beckhoff Cx9020 6.02 Incorrect Access Control in Beckhoff Automation GmbH & Co. | 7.5 |
| 2021-05-13 | CVE-2020-12526 | Improper Input Validation vulnerability in Beckhoff products TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. | 5.0 |
| 2020-11-19 | CVE-2020-12510 | Incorrect Default Permissions vulnerability in Beckhoff Twincat Extended Automation Runtime 3.1 The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. | 6.0 |
| 2020-06-16 | CVE-2020-12494 | Incomplete Cleanup vulnerability in Beckhoff Twincat and Twincat Driver Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. | 5.0 |
| 2020-03-12 | CVE-2020-9464 | Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. | 7.8 |
| 2019-12-19 | CVE-2019-16871 | Improper Input Validation vulnerability in Beckhoff Twincat 2.0/3.0/3.1 Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | 9.3 |
| 2019-11-21 | CVE-2019-5637 | Divide By Zero vulnerability in Beckhoff Twincat 3.1.4022.29/3.1.4022.30 When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. | 5.0 |
| 2019-11-21 | CVE-2019-5636 | Improper Resource Shutdown or Release vulnerability in Beckhoff Twincat 2.0/3.1 When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. | 5.0 |