Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
References
Link | Resource |
---|---|
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2018-06-27T00:00:00
Updated: 2018-06-27T18:57:01
Reserved: 2017-11-09T00:00:00
Link: CVE-2017-16718
JSON object: View
NVD Information
Status : Modified
Published: 2018-06-27T19:29:00.233
Modified: 2019-10-09T23:25:14.113
Link: CVE-2017-16718
JSON object: View
Redhat Information
No data.