Vulnerabilities > Beckhoff > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-41174 | Cross-site Scripting vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. | 9.0 |
| 2021-07-23 | CVE-2020-20741 | Unspecified vulnerability in Beckhoff Cx9020 6.02 Incorrect Access Control in Beckhoff Automation GmbH & Co. | 9.8 |
| 2019-12-19 | CVE-2019-16871 | Authentication Bypass by Spoofing vulnerability in Beckhoff Twincat 2.0/3.0/3.1 Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | 9.8 |
| 2018-06-27 | CVE-2017-16726 | Inadequate Encryption Strength vulnerability in Beckhoff Twincat Beckhoff TwinCAT supports communication over ADS. | 9.1 |
| 2016-10-05 | CVE-2014-5415 | Permissions, Privileges, and Access Controls vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | 9.1 |
| 2016-10-05 | CVE-2014-5414 | 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.1 |