Vulnerability in Beckhoff TwinCAT 3 Affects Industrial Automation Protocols
CVE-2017-16718

5.9MEDIUM

Key Information:

Vendor: Ics-cert
Status: Beckhoff Twincat
Vendor: CVE Published:; 27 June 2018

What is CVE-2017-16718?

The Beckhoff TwinCAT 3 software, which utilizes the ADS protocol for industrial automation communication, is susceptible to an encryption flaw. This vulnerability arises from the mechanism that allows remote editing of user-defined routes over ADS. The fixed key used for encryption can potentially be extracted by an attacker, which compromises the integrity of the encrypted authentication that requires a username and password. To exploit this vulnerability, an attacker must have network access at the time a route is being added, making it essential for users to secure their networks to mitigate the risk.

Affected Version(s)

Beckhoff TwinCAT Version 3

References

https://download.beckhoff.com/download/Document/product-s...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2018
Vulnerability Reserved
Nov 9, 2017

CVE-2017-16718 Data

JSON

Ics-cert

What is CVE-2017-16718?

Affected Version(s)

References

CVSS V3.1

Timeline