CVE-2014-5414
CRITICAL: Beckhoff Embedded PC Images - Security Feature Bypass
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
References (7)
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93349
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02
Scores
CVSS v3: 9.1
EPSS: 0.0594
EPSS Percentile: 90.7%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-254, CWE-307
Status: published
Products (4)
Beckhoff/Embedded PC Images
< October 22, 2014
beckhoff/embedded_pc_images
beckhoff/twincat
Beckhoff/TwinCAT Components featuring Automation Device Specification (ADS) communication
All
Published: Oct 05, 2016
Tracked Since: Feb 18, 2026