PT-2020-6827 · Beckhoff · Twincat Rt

Published: 2020-06-16 · Updated: 2021-12-02 · CVE-2020-12494

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Beckhoff TwinCAT RT (affected versions not specified)
Description: The issue is an information disclosure in the TwinCAT RT network driver. A remote attacker can exploit it to reveal protected information. The flaw is in the driver's implementation of the real-time features used for EtherCAT: Ethernet frames whose payload is smaller than the minimum frame size are not padded properly, so arbitrary memory content is transmitted in the padding bytes. This discloses memory content, although an attacker has limited control over which content is disclosed. For example, it can be triggered by sending small-sized ICMP echo requests to the device.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
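
A check for the padding behaviour in the description, as an added example that is not part of the original advisory or any Beckhoff code: it takes captured untagged IPv4 Ethernet frames and flags those whose padding bytes are not all zero. The function names and the sample frames are constructed for illustration, and it assumes the capture has already had the 4-byte FCS stripped.

```python
import struct

ETH_HDR = 14   # dst MAC + src MAC + EtherType
ETH_MIN = 60   # minimum Ethernet frame size without the 4-byte FCS

def padding_bytes(frame: bytes) -> bytes:
    """Return the bytes after the IPv4 datagram in an untagged Ethernet frame."""
    if len(frame) < ETH_HDR + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only untagged IPv4 frames are handled")
    total_len = struct.unpack("!H", frame[16:18])[0]
    end = ETH_HDR + total_len
    if total_len < 20 or end > len(frame):
        raise ValueError("IPv4 total length does not fit the frame")
    return frame[end:]

def leaks_in_padding(frame: bytes) -> bool:
    """True if any pad byte is non-zero, i.e. the pad was not cleared."""
    return any(padding_bytes(frame))

def scan(frames):
    """Indexes of frames whose padding carries non-zero bytes."""
    return [i for i, f in enumerate(frames) if leaks_in_padding(f)]

def build_reply(pad: bytes) -> bytes:
    """Constructed ICMP echo reply with a 1-byte payload (checksums left 0)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 29, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    icmp = struct.pack("!BBHHH", 0, 0, 0, 1, 1) + b"A"
    return eth + ip + icmp + pad

# Constructed samples: zeroed pad, dirty pad, and a sender-side capture (no pad yet)
SAMPLES = [
    build_reply(bytes(ETH_MIN - 43)),
    build_reply(b"\xde\xad\xbe\xef" + bytes(13)),
    build_reply(b""),
]

if __name__ == "__main__":
    for i in scan(SAMPLES):
        print(f"frame {i}: non-zero padding {padding_bytes(SAMPLES[i]).hex()}")
```

Frames captured on the sending host are often recorded before the pad is added, so the check is meaningful only on captures taken at the receiver or on a tap.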

Information Disclosure


Weakness Enumeration

Related Identifiers

BDU:2023-00077
CVE-2020-12494

Affected Products

Twincat Rt