CVE-2020-12494

Summary

CVE	CVE-2020-12494
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-06-16 14:15:00 UTC
Updated	2021-12-02 19:31:00 UTC
Description	Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

Risk And Classification

Problem Types: CWE-459

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Beckhoff	Twincat	2.11	build_2350	All	All
Application	Beckhoff	Twincat	3.1	build_402	All	All
Application	Beckhoff	Twincat	3.1	build_4022	All	All
Application	Beckhoff	Twincat	3.1	build_4024	All	All
Application	Beckhoff	Twincat	2.11	build_2350	All	All
Application	Beckhoff	Twincat	3.1	build_402	All	All
Application	Beckhoff	Twincat	3.1	build_4022	All	All
Application	Beckhoff	Twincat	3.1	build_4024	All	All
Application	Beckhoff	Twincat	All	All	All	All
Application	Beckhoff	Twincat	All	All	All	All
Application	Beckhoff	Twincat	All	All	All	All
Application	Beckhoff	Twincat	All	All	All	All
Application	Beckhoff	Twincat	All	All	All	All
Application	Beckhoff	Twincat Driver	All	All	All	All
Hardware	Intel	82540em	-	All	All	All
Hardware	Intel	82540em	-	All	All	All
Hardware	Intel	82540ep	-	All	All	All
Hardware	Intel	82540ep	-	All	All	All
Hardware	Intel	82541ei	-	All	All	All
Hardware	Intel	82541ei	-	All	All	All
Hardware	Intel	82541er	-	All	All	All
Hardware	Intel	82541er	-	All	All	All
Hardware	Intel	82541gi	-	All	All	All
Hardware	Intel	82541gi	-	All	All	All
Hardware	Intel	82541pi	-	All	All	All
Hardware	Intel	82541pi	-	All	All	All
Hardware	Intel	82544ei	-	All	All	All
Hardware	Intel	82544ei	-	All	All	All
Hardware	Intel	82544gc	-	All	All	All
Hardware	Intel	82544gc	-	All	All	All
Hardware	Intel	82545em	-	All	All	All
Hardware	Intel	82545em	-	All	All	All
Hardware	Intel	82545gm	-	All	All	All
Hardware	Intel	82545gm	-	All	All	All
Hardware	Intel	82546eb	-	All	All	All
Hardware	Intel	82546eb	-	All	All	All
Hardware	Intel	82546gb	-	All	All	All
Hardware	Intel	82546gb	-	All	All	All
Hardware	Intel	82547ei	-	All	All	All
Hardware	Intel	82547ei	-	All	All	All
Hardware	Intel	82547ei	-	All	All	All
Hardware	Intel	82547ei	-	All	All	All
Hardware	Intel	82547gi	-	All	All	All
Hardware	Intel	82547gi	-	All	All	All
Hardware	Intel	82557	-	All	All	All
Hardware	Intel	82557	-	All	All	All
Hardware	Intel	82558	-	All	All	All
Hardware	Intel	82558	-	All	All	All
Hardware	Intel	82559	-	All	All	All
Hardware	Intel	82559	-	All	All	All

References

Reference	Source	Link	Tags
BECKHOFF: EtherLeak in TwinCAT RT network driver — English (USA)	CONFIRM	cert.vde.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Beckhoff reported this vulnerability to CERT@VDE

There are currently no legacy QID mappings associated with this CVE.