cvelist | CERTVDE | CVELIST:CVE-2020-12526
History: May 13, 2021 - 1:45 p.m.

CVE-2020-12526 BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server

2021-05-13 13:45:24
CWE-20
CERTVDE
www.cve.org

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.001
Percentile: 42.6%

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests, the OPC UA server is no longer responsive to any client. This does not affect the real-time functionality of IPCs.

CNA Affected

[
  {
    "product": "TwinCAT OPC UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IPC Diagnostics UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.1.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TF6100",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.3.18",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
