Beckhoff TwinCAT Discovery Service Denial of Service
CVE-2019-5636

5.3MEDIUM

Key Information:

Vendor: Beckhoff
Status: Twincat 2; Twincat 3.1
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-5636?

When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Affected Version(s)

TwinCAT 2 2304

TwinCAT 3.1 4204.0

References

https://download.beckhoff.com/download/Document/product-s...

x_refsource_CONFIRM

https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-s...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Jan 7, 2019

Credit

This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).