Description
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93349
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf
Various Sources
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf
Various Sources
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02
Scores
CVSS v3
9.1
EPSS
0.0434
EPSS Percentile
89.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-264
CWE-749
Status
published
Products (4)
Beckhoff/Embedded PC Images
< October 22, 2014
beckhoff/embedded_pc_images
beckhoff/twincat
Beckhoff/TwinCAT Components featuring Automation Device Specification (ADS) communication
All
Published
Oct 05, 2016
Tracked Since
Feb 18, 2026