Description
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: None
Affected products
References
- MISC: http://www.securityfocus.com/bid/93349
- VENDOR_ADVISORY: https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf
- VENDOR_ADVISORY: https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf
- VENDOR_ADVISORY: https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf
- VENDOR_ADVISORY: https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02
- MISC: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json