CVE-2020-12526 BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server

🗓️ 13 May 2021 13:45:24Reported by CERTVDEType

CVE-2020-12526 BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Serve

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerabilities of the TwinCAT OPC UA Server and IPC Diagnostics UA Server stem from insufficient validation of input data, allowing attackers to trigger service failures.	16 Dec 202100:00	–	bdu_fstec
CNNVD	Honeywell OPC UA Tunneller 输入验证错误漏洞	13 May 202100:00	–	cnnvd
CVE	CVE-2020-12526	13 May 202113:45	–	cve
EUVD	EUVD-2020-4828	7 Oct 202500:30	–	euvd
NVD	CVE-2020-12526	13 May 202114:15	–	nvd
OSV	CVE-2020-12526	13 May 202114:15	–	osv
Tenable Nessus	Beckhoff Ipc Improper Input Validation	10 Aug 202100:00	–	nessus
Tenable Nessus	Beckhoff (CVE-2020-12526) (deprecated)	7 Feb 202200:00	–	nessus
Prion	Design/Logic Flaw	13 May 202114:15	–	prion

[
  {
    "product": "TwinCAT OPC UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IPC Diagnostics UA Server",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.1.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TF6100",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThanOrEqual": "3.3.18",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cert	www.cert.vde.com/en-us/advisories/vde-2020-051
download	www.download.beckhoff.com/download/Document/product-security/Advisories/advisory-2021-001.pdf

13 May 2021 13:45Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.3

EPSS0.00955

CWE-20