Vulnerability Details CVE-2019-5637
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
- https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
- https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
- https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
Products affected by CVE-2019-5637
-
cpe:2.3:h:beckhoff:twincat_cx2030:-
-
cpe:2.3:h:beckhoff:twincat_cx5140:-
-
cpe:2.3:o:beckhoff:twincat:3.1.4022.29
-
cpe:2.3:o:beckhoff:twincat:3.1.4022.30