PT-2019-14840 · Beckhoff+1 · Beckhoff Embedded Windows Plcs+2

Publicado

2019-12-19

Atualizado

2021-07-21

CVE-2019-16871

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Beckhoff Embedded Windows PLCs versions through 3.1.4024.0 Beckhoff Twincat on Windows Engineering stations (affected versions not specified)

Description The issue allows an attacker to achieve remote code execution as SYSTEM via the Beckhoff ADS protocol.

Recommendations For Beckhoff Embedded Windows PLCs versions through 3.1.4024.0, update to a version that contains a fix for this issue. For Beckhoff Twincat on Windows Engineering stations, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

CVE-2019-16871

Produtos afetados

Beckhoff Embedded Windows Plcs

Beckhoff Twincat

Windows

PT-2019-14840 · Beckhoff+1 · Beckhoff Embedded Windows Plcs+2

CVE-2019-16871

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4