CVE-2017-16718

Name of the Vulnerable Software and Affected Versions: Beckhoff TwinCAT 3 (affected versions not specified)

Description: The issue concerns the ADS protocol used by Beckhoff TwinCAT 3 for communication in industrial automation environments. ADS allows user-configured routes to be edited remotely, supporting encrypted authentication with username and password. However, the encryption utilizes a fixed key that could potentially be extracted by an attacker. Exploitation of this weakness requires network access at the moment a route is added.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.