GSD-2020-12526
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-12526",
"description": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH \u0026 Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.",
"id": "GSD-2020-12526"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-12526"
],
"details": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH \u0026 Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.",
"id": "GSD-2020-12526",
"modified": "2023-12-13T01:21:49.586199Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-04-27T10:00:00.000Z",
"ID": "CVE-2020-12526",
"STATE": "PUBLIC",
"TITLE": "BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TwinCAT OPC UA Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.3.0.12"
}
]
}
},
{
"product_name": "IPC Diagnostics UA Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.1.0.1"
}
]
}
},
{
"product_name": "TF6100",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.3.18"
}
]
}
}
]
},
"vendor_name": "Beckhoff"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Beckhoff Automation thanks Industrial Control Security Laboratory of QI-ANXIN Technology Group Inc. from China for reporting the issue and for support and efforts with the coordinated disclosure. Also Beckhoff Automation thanks CERT@VDE for coordination."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH \u0026 Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-051",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-051"
},
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf",
"refsource": "CONFIRM",
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf"
}
]
},
"solution": [
{
"lang": "eng",
"value": "For devices running Windows but not Windows CE or TwinCAT/BSD please get a recent version of the OPC UA servers through the conventional ways and update your system.\nFor devices running Windows CE please request a recent image via Beckhoff\u2019s support and apply it to your device.\nFor the product CX8091 please use firmware version \"CX8091_CE600_LF_v356f_TC211R3_B2306_v2\" or later.\nPlease note that the updated OPC UA server leaves less RAM available to your application on the CX8091."
}
],
"source": {
"advisory": "VDE-2020-051",
"defect": [
"VDE-2020-051"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Consider disabling the IPC Diagnostics Server by stopping and disabling the corresponding Windows service or service. For example this can be achieved with the following PowerShell commands:\n\nStop-Service -Force -Name DevMgrSvr-UA\nSet-Service -Name DevMgrSvr-UA -StartupType Disabled\n\nAlternatively consider limiting access to the TCP port the OPC UA server is listening on. This can happen with a dedicated firewall appliance which sits in front of an affected device. Alternatively at the device the Windows firewall can be configured to limit access to the TCP port."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:beckhoff:ipc_diagnostics_ua_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:beckhoff:tf6100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:beckhoff:twincat_opc_ua_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.0.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"ID": "CVE-2020-12526"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH \u0026 Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-051",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-051"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2021-05-25T15:02Z",
"publishedDate": "2021-05-13T14:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…