CVE-2019-16871
CRITICALBeckhoff TwinCAT < 3.1 - Remote Code Execution via ADS Protocol
Title source: llmDescription
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648
Vendor Advisory x_refsource_confirm
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf
Scores
CVSS v3
9.8
EPSS
0.0530
EPSS Percentile
91.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-290
Status
published
Products (3)
beckhoff/twincat
2.0
beckhoff/twincat
3.1 build_4022 (2 CPE variants)
beckhoff/twincat
3.0 - 3.1
Published
Dec 19, 2019
Tracked Since
Feb 18, 2026