CVE-2019-5637

Name of the Vulnerable Software and Affected Versions TwinCAT 2 versions prior to 2304 TwinCAT 3.1 versions prior to 4204.0

Description The issue is related to the Profinet driver in TwinCAT, which can cause a denial of service when a malformed UDP packet is sent to the device. This is also associated with division by zero errors. An attacker can exploit this issue by sending specially crafted DCP packets to cause a denial of service.

Recommendations For TwinCAT 2 versions prior to 2304, update to version 2304 or later to resolve the issue. For TwinCAT 3.1 versions prior to 4204.0, update to version 4204.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Profinet driver to minimize the risk of exploitation.