Beckhoff: Etherleak in TwinCAT RT network driver
CVE-2020-12494

5.3MEDIUM

Key Information:

Vendor: Beckhoff
Status: Twincat Driver For Intel 8254x (tcl8254x.sys); Twincat Driver For Intel 8255x (tcl8255x.sys)
Vendor: CVE Published:; 16 June 2020

What is CVE-2020-12494?

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

Affected Version(s)

TwinCat Driver for Intel 8254x (Tcl8254x.sys) <= 3.1.0.3603 for TwinCAT 3.1 4024

TwinCat Driver for Intel 8254x (Tcl8254x.sys) <= 3.1.0.3512 for TwinCAT 3.1 4022

TwinCat Driver for Intel 8254x (Tcl8254x.sys) <= 2.11.0.2120 for TwinCAT 2.11 2350

References

https://cert.vde.com/en-us/advisories/vde-2020-019

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2020
Vulnerability Reserved
Apr 30, 2020

Credit

Beckhoff reported this vulnerability to CERT@VDE