PT-2019-14840 · Beckhoff+1 · Beckhoff Embedded Windows Plcs+2

Published

2019-12-19

Updated

2021-07-21

CVE-2019-16871

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Beckhoff Embedded Windows PLCs versions through 3.1.4024.0 Beckhoff Twincat on Windows Engineering stations (affected versions not specified)

Description The issue allows an attacker to achieve remote code execution as SYSTEM via the Beckhoff ADS protocol.

Recommendations For Beckhoff Embedded Windows PLCs versions through 3.1.4024.0, update to a version that contains a fix for this issue. For Beckhoff Twincat on Windows Engineering stations, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2019-16871

Affected Products

Beckhoff Embedded Windows Plcs

Beckhoff Twincat

Windows

PT-2019-14840 · Beckhoff+1 · Beckhoff Embedded Windows Plcs+2

CVE-2019-16871

Weakness Enumeration

Related Identifiers

Affected Products

References · 4