CVE-2020-12526
Summary
| CVE | CVE-2020-12526 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-13 14:15:00 UTC |
| Updated | 2021-05-25 15:02:00 UTC |
| Description | TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Beckhoff | IPC Diagnostics UA Server | All | All | All | All |
| Application | Beckhoff | TF6100 | All | All | All | All |
| Application | Beckhoff | TwinCAT OPC UA Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server | CONFIRM | cert.vde.com | |
| download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-0... | CONFIRM | download.beckhoff.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Beckhoff Automation thanks Industrial Control Security Laboratory of QI-ANXIN Technology Group Inc. from China for reporting the issue and for support and efforts with the coordinated disclosure. Also Beckhoff Automation thanks CERT@VDE for coordination.
There are currently no legacy QID mappings associated with this CVE.