CVE-2019-5636

Name of the Vulnerable Software and Affected Versions TwinCAT 2 versions prior to 2304 TwinCAT 3.1 versions prior to 4204.0

Description The issue exists due to insufficient input validation in the ADS Discovery Service of TwinCAT software. Exploitation of this issue may allow a remote attacker to cause a partial denial of service by using a specially crafted UDP packet of 0 bytes. When a malformed UDP packet is received, the ADS Discovery Service shuts down, although the TwinCAT devices continue to function normally.

Recommendations For TwinCAT 2 versions prior to 2304, update to version 2304 or later to resolve the issue. For TwinCAT 3.1 versions prior to 4204.0, update to version 4204.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the UDP endpoint to minimize the risk of exploitation.