CVE-2014-5415

CRITICAL

Beckhoff Embedded PC <2014-10-22 - RCE

Title source: llm

Description

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.

References (7)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93349

[Various Sources] https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf

[Various Sources] https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf

[Various Sources] https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json

View Writeup ZIP pw:eip

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02

Scores

CVSS v3 9.1

EPSS 0.0419

EPSS Percentile 88.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-749 CWE-264

Status published

Products (4)

Beckhoff/Embedded PC Images < October 22, 2014

beckhoff/embedded_pc_images

beckhoff/twincat

Beckhoff/TwinCAT Components featuring Automation Device Specification (ADS) communication All

Published Oct 05, 2016

Tracked Since Feb 18, 2026