Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service
CVE-2019-5637

7.5HIGH

Key Information:

Vendor: Beckhoff
Status: Twincat 2; Twincat 3.1
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-5637?

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Affected Version(s)

TwinCAT 2 2304

TwinCAT 3.1 4204.0

References

https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-s...

x_refsource_MISC

https://download.beckhoff.com/download/Document/product-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Jan 7, 2019

Credit

This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).

JSON