CVE-2020-12526 - OpenCVE

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Beckhoff	Ipc Diagnostics Ua Server Twincat Opc Ua Server Tf6100

Configuration 1 [-]

OR	cpe:2.3:a:beckhoff:ipc_diagnostics_ua_server::::::::
	cpe:2.3:a:beckhoff:tf6100::::::::
	cpe:2.3:a:beckhoff:twincat_opc_ua_server::::::::

References

Link	Resource
https://cert.vde.com/en-us/advisories/vde-2020-051	Third Party Advisory
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2021-04-27T00:00:00

Updated: 2021-05-13T13:45:24

Reserved: 2020-04-30T00:00:00

Link: CVE-2020-12526

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-05-13T14:15:17.457

Modified: 2021-05-25T15:02:14.033

Link: CVE-2020-12526

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "TwinCAT OPC UA Server", "vendor": "Beckhoff", "versions": [{"lessThanOrEqual": "2.3.0.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "IPC Diagnostics UA Server", "vendor": "Beckhoff", "versions": [{"lessThanOrEqual": "3.1.0.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TF6100", "vendor": "Beckhoff", "versions": [{"lessThanOrEqual": "3.3.18", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Beckhoff Automation thanks Industrial Control Security Laboratory of QI-ANXIN Technology Group Inc. from China for reporting the issue and for support and efforts with the coordinated disclosure. Also Beckhoff Automation thanks CERT@VDE for coordination."}], "datePublic": "2021-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T13:45:24", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-051"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf"}], "solutions": [{"lang": "en", "value": "For devices running Windows but not Windows CE or TwinCAT/BSD please get a recent version of the OPC UA servers through the conventional ways and update your system.\nFor devices running Windows CE please request a recent image via Beckhoff\u2019s support and apply it to your device.\nFor the product CX8091 please use firmware version \"CX8091_CE600_LF_v356f_TC211R3_B2306_v2\" or later.\nPlease note that the updated OPC UA server leaves less RAM available to your application on the CX8091."}], "source": {"advisory": "VDE-2020-051", "defect": ["VDE-2020-051"], "discovery": "EXTERNAL"}, "title": "BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server", "workarounds": [{"lang": "en", "value": "Consider disabling the IPC Diagnostics Server by stopping and disabling the corresponding Windows service or service. For example this can be achieved with the following PowerShell commands:\n\nStop-Service -Force -Name DevMgrSvr-UA\nSet-Service -Name DevMgrSvr-UA -StartupType Disabled\n\nAlternatively consider limiting access to the TCP port the OPC UA server is listening on. This can happen with a dedicated firewall appliance which sits in front of an affected device. Alternatively at the device the Windows firewall can be configured to limit access to the TCP port."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2021-04-27T10:00:00.000Z", "ID": "CVE-2020-12526", "STATE": "PUBLIC", "TITLE": "BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TwinCAT OPC UA Server", "version": {"version_data": [{"version_affected": "<=", "version_value": "2.3.0.12"}]}}, {"product_name": "IPC Diagnostics UA Server", "version": {"version_data": [{"version_affected": "<=", "version_value": "3.1.0.1"}]}}, {"product_name": "TF6100", "version": {"version_data": [{"version_affected": "<=", "version_value": "3.3.18"}]}}]}, "vendor_name": "Beckhoff"}]}}, "credit": [{"lang": "eng", "value": "Beckhoff Automation thanks Industrial Control Security Laboratory of QI-ANXIN Technology Group Inc. from China for reporting the issue and for support and efforts with the coordinated disclosure. Also Beckhoff Automation thanks CERT@VDE for coordination."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en-us/advisories/vde-2020-051", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2020-051"}, {"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf", "refsource": "CONFIRM", "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf"}]}, "solution": [{"lang": "en", "value": "For devices running Windows but not Windows CE or TwinCAT/BSD please get a recent version of the OPC UA servers through the conventional ways and update your system.\nFor devices running Windows CE please request a recent image via Beckhoff\u2019s support and apply it to your device.\nFor the product CX8091 please use firmware version \"CX8091_CE600_LF_v356f_TC211R3_B2306_v2\" or later.\nPlease note that the updated OPC UA server leaves less RAM available to your application on the CX8091."}], "source": {"advisory": "VDE-2020-051", "defect": ["VDE-2020-051"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Consider disabling the IPC Diagnostics Server by stopping and disabling the corresponding Windows service or service. For example this can be achieved with the following PowerShell commands:\n\nStop-Service -Force -Name DevMgrSvr-UA\nSet-Service -Name DevMgrSvr-UA -StartupType Disabled\n\nAlternatively consider limiting access to the TCP port the OPC UA server is listening on. This can happen with a dedicated firewall appliance which sits in front of an affected device. Alternatively at the device the Windows firewall can be configured to limit access to the TCP port."}]}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2020-12526", "datePublished": "2021-04-27T00:00:00", "dateReserved": "2020-04-30T00:00:00", "dateUpdated": "2021-05-13T13:45:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:ipc_diagnostics_ua_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2F63E85-BE46-46AE-BED7-5D4963672BEE", "versionEndIncluding": "3.1.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:beckhoff:tf6100:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BE81331-ED73-4B59-BE98-E064A2C32B02", "versionEndIncluding": "3.3.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:beckhoff:twincat_opc_ua_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFE1FF2F-5E28-4114-BCD5-B33B3898901E", "versionEndIncluding": "2.3.0.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs."}, {"lang": "es", "value": "TwinCAT OPC UA Server en versiones hasta 2.3.0.12 e IPC Diagnostics UA Server en versiones hasta 3.1.0.1 de Beckhoff Automation GmbH & Co. KG son vulnerables a ataques de denegaci\u00f3n de servicio. El atacante necesita enviar varias peticiones dise\u00f1adas espec\u00edficamente al servidor OPC UA en ejecuci\u00f3n. Despu\u00e9s de algunas de estas peticiones, el servidor OPC UA ya no responde a ning\u00fan cliente. Esto no afecta a la funcionalidad en tiempo real de los IPC"}], "id": "CVE-2020-12526", "lastModified": "2021-05-25T15:02:14.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2021-05-13T14:15:17.457", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2020-051"}, {"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "info@cert.vde.com", "type": "Secondary"}]}