CVE-2011-3486

Beckhoff TwinCAT <2.11.0.2004 - DoS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3486. PoCs were published by Luigi Auriemma and jfa, including the Metasploit module auxiliary/dos/scada/beckhoff_twincat.

AI-analyzed exploit summary: This exploit triggers a Denial of Service (DoS) in Beckhoff TwinCAT by sending a malformed UDP packet to port 48899, causing an invalid read access. The provided command uses a custom tool (udpsz) to send the crafted payload.

Description

Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/17835

This exploit triggers a Denial of Service (DoS) in Beckhoff TwinCAT by sending a malformed UDP packet to port 48899, causing an invalid read access. The provided command uses a custom tool (udpsz) to send the crafted payload.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Beckhoff TwinCAT <= 2.11.0.2004
No auth needed
Prerequisites: Network access to the target system · UDP port 48899 accessible
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by Luigi Auriemma, jfa · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/scada/beckhoff_twincat.rb

This Metasploit module exploits a DoS vulnerability in Beckhoff TwinCAT SCADA PLC by sending a crafted UDP packet to port 48899, causing an access violation in TCATSysSrv.exe. The payload consists of a specific byte sequence followed by a large buffer of null and 0xFF bytes.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Beckhoff TwinCAT SCADA PLC version <= 2.11.0.2004
No auth needed
Prerequisites: Network access to the target system on UDP port 48899
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69765
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8380
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/75495

Scores

EPSS 0.5056
EPSS Percentile 98.8%

Details

CWE: CWE-119
Status: published
Products (5)
beckhoff/twincat 2.7
beckhoff/twincat 2.8
beckhoff/twincat 2.9
beckhoff/twincat 2.10
beckhoff/twincat < 2.11.0.2004
Published Sep 16, 2011
Tracked Since Feb 18, 2026