CVE-2015-4051

EXPLOITED

Beckhoff IPC Diagnostics < 1.7 - Unauthenticated Denial of Service and Arbitrary User Creation via SOAP Action

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-4051 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

References (6)

Core 6

Scores

EPSS 0.0573
EPSS Percentile 92.1%

Details

VulnCheck KEV 2020-12-01
CWE
CWE-284
Status published
Products (1)
beckhoff/ipc_diagnostics < 1.7
Published Jun 08, 2015
Tracked Since Feb 18, 2026