PT-2021-5257 · Beckhoff · Twincat Opc Ua Server+1
Published
2021-05-13
·
Updated
2021-05-25
·
CVE-2020-12526
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
TwinCAT OPC UA Server versions up to 2.3.0.12
IPC Diagnostics UA Server versions up to 3.1.0.1
Description
The issue exists due to insufficient input validation, allowing a remote attacker to cause a denial of service. This can be achieved by sending several specifically crafted requests to the running OPC UA server, after which the server is no longer responsive to any client. The real-time functionality of IPCs remains unaffected.
Recommendations
For TwinCAT OPC UA Server versions up to 2.3.0.12, update to a version later than 2.3.0.12 to resolve the issue.
For IPC Diagnostics UA Server versions up to 3.1.0.1, update to a version later than 3.1.0.1 to resolve the issue.
As a temporary workaround, consider restricting access to the OPC UA server to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipc Diagnostics Ua Server
Twincat Opc Ua Server