History: May 13, 2021 - 2:15 p.m.

CVE-2020-12526

2021-05-13 14:15:17
CWE-20
CERTVDE
web.nvd.nist.gov
24
cve-2020-12526
twincat
opc ua server
ipc diagnostics ua server
beckhoff automation gmbh & co. kg
dos
vulnerability

CVSS2: 5

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 5.2
Confidence: High

EPSS: 0.001
Percentile: 42.6%

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specially crafted requests to the running OPC UA server. After some of these requests, the OPC UA server no longer responds to any client. This does not affect the real-time functionality of IPCs.

Affected configurations

Nvd

Node
beckhoff ipc_diagnostics_ua_server  Range ≤3.1.0.1
OR
beckhoff tf6100  Range ≤3.3.18
OR
beckhoff twincat_opc_ua_server  Range ≤2.3.0.12

Vendor    Product                    Version  CPE
beckhoff  ipc_diagnostics_ua_server  *        cpe:2.3:a:beckhoff:ipc_diagnostics_ua_server:*:*:*:*:*:*:*:*
beckhoff  tf6100                     *        cpe:2.3:a:beckhoff:tf6100:*:*:*:*:*:*:*:*
beckhoff  twincat_opc_ua_server      *        cpe:2.3:a:beckhoff:twincat_opc_ua_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "TwinCAT OPC UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IPC Diagnostics UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.1.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TF6100",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.3.18",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
