BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server
CVE-2020-12526

5.3MEDIUM

Key Information:

Vendor: Beckhoff
Status: Twincat Opc Ua Server; Ipc Diagnostics Ua Server; Tf6100
Vendor: CVE Published:; 13 May 2021

What is CVE-2020-12526?

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

Affected Version(s)

IPC Diagnostics UA Server <= 3.1.0.1

TF6100 <= 3.3.18

TwinCAT OPC UA Server <= 2.3.0.12

References

https://cert.vde.com/en-us/advisories/vde-2020-051

x_refsource_CONFIRM

https://download.beckhoff.com/download/Document/product-s...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2021
Vulnerability Reserved
Apr 30, 2020

Credit

Beckhoff Automation thanks Industrial Control Security Laboratory of QI-ANXIN Technology Group Inc. from China for reporting the issue and for support and efforts with the coordinated disclosure. Also Beckhoff Automation thanks CERT@VDE for coordination.