Vulnerabilities > Beckhoff
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-9464 | Resource Exhaustion vulnerability in Beckhoff Bk9000 Firmware A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. | 7.5 |
| 2019-12-19 | CVE-2019-16871 | Authentication Bypass by Spoofing vulnerability in Beckhoff Twincat 2.0/3.0/3.1 Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | 9.8 |
| 2019-11-21 | CVE-2019-5637 | Divide By Zero vulnerability in Beckhoff Twincat 3.1.4022.29/3.1.4022.30 When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. | 7.5 |
| 2019-11-21 | CVE-2019-5636 | Improper Resource Shutdown or Release vulnerability in Beckhoff Twincat 2.0/3.1 When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. | 7.5 |
| 2018-06-27 | CVE-2017-16726 | Inadequate Encryption Strength vulnerability in Beckhoff Twincat Beckhoff TwinCAT supports communication over ADS. | 9.1 |
| 2018-06-27 | CVE-2017-16718 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Beckhoff Twincat 3.0 Beckhoff TwinCAT 3 supports communication over ADS. | 5.9 |
| 2018-03-23 | CVE-2018-7502 | Improper Input Validation vulnerability in Beckhoff Twincat and Twincat C++ Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. | 7.8 |
| 2016-10-05 | CVE-2014-5415 | Permissions, Privileges, and Access Controls vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | 9.1 |
| 2016-10-05 | CVE-2014-5414 | 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.1 |