Vulnerabilities > Beckhoff > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-41174 | Cross-site Scripting vulnerability in Beckhoff IPC Diagnostics Package and Twincat/Bsd The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. | 9.0 |
| 2019-12-19 | CVE-2019-16871 | Improper Input Validation vulnerability in Beckhoff Twincat 2.0/3.0/3.1 Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | 9.3 |
| 2016-10-05 | CVE-2014-5415 | Permissions, Privileges, and Access Controls vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | 9.4 |
| 2016-10-05 | CVE-2014-5414 | 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.4 |
| 2015-06-08 | CVE-2015-4051 | Improper Access Control vulnerability in Beckhoff IPC Diagnostics Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. | 9.0 |