Vulnerabilities > Beckhoff > Twincat

DATE CVE VULNERABILITY TITLE RISK
2020-06-16 CVE-2020-12494 Incomplete Cleanup vulnerability in Beckhoff Twincat and Twincat Driver
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality.
network
low complexity
beckhoff CWE-459
5.0
2019-12-19 CVE-2019-16871 Improper Input Validation vulnerability in Beckhoff Twincat 2.0/3.0/3.1
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
network
beckhoff CWE-20
critical
9.3
2019-11-21 CVE-2019-5637 Divide By Zero vulnerability in Beckhoff Twincat 3.1.4022.29/3.1.4022.30
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device.
network
low complexity
beckhoff CWE-369
5.0
2019-11-21 CVE-2019-5636 Improper Resource Shutdown or Release vulnerability in Beckhoff Twincat 2.0/3.1
When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down.
network
low complexity
beckhoff CWE-404
5.0
2018-06-27 CVE-2017-16726 Inadequate Encryption Strength vulnerability in Beckhoff Twincat
Beckhoff TwinCAT supports communication over ADS.
network
low complexity
beckhoff CWE-326
6.4
2018-06-27 CVE-2017-16718 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Beckhoff Twincat 3.0
Beckhoff TwinCAT 3 supports communication over ADS.
network
beckhoff CWE-327
4.3
2018-03-23 CVE-2018-7502 Improper Input Validation vulnerability in Beckhoff Twincat and Twincat C++
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values.
local
low complexity
beckhoff CWE-20
7.2
2016-10-05 CVE-2014-5415 Permissions, Privileges, and Access Controls vulnerability in Beckhoff Embedded PC Images and Twincat
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
network
low complexity
beckhoff CWE-264
critical
9.4
2016-10-05 CVE-2014-5414 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
beckhoff CWE-254
critical
9.4
2011-09-16 CVE-2011-3486 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Beckhoff Twincat
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
network
low complexity
beckhoff CWE-119
5.0