Sign-up

ID

VAR-201610-0668


CVE

CVE-2014-5415


TITLE

Beckhoff Embedded PC Images And automation device specifications TwinCAT Vulnerabilities that can gain access to components

Trust: 0.8

sources: JVNDB: JVNDB-2014-008183

DESCRIPTION

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PC Images is an industrial control system that is installed in the control cabinet and can be functionally configured. Automation Device Specification (ADS) TwinCAT Components is a PC real-time controller software product. Beckhoff Embedded PC images have a security vulnerability in versions prior to 2014-10-22 and in the Automation Device Specificatios TwinCAT component. Multiple Beckhoff Products are prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks

Trust: 2.79

sources: NVD: CVE-2014-5415 // JVNDB: JVNDB-2014-008183 // CNVD: CNVD-2016-08764 // BID: 93349 // IVD: 7d722f71-463f-11e9-8b02-000c29342cb1 // IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 7d722f71-463f-11e9-8b02-000c29342cb1 // IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0 // CNVD: CNVD-2016-08764

AFFECTED PRODUCTS

vendor:beckhoffmodel:embedded pc imagesscope:eqversion: -

Trust: 1.6

vendor:beckhoffmodel:twincatscope:eqversion: -

Trust: 1.6

vendor:beckhoff automationmodel:twincatscope: - version: -

Trust: 0.8

vendor:beckhoff automationmodel:embedded pc imagesscope:ltversion:2014-10-22 earlier

Trust: 0.8

vendor:beckhoffmodel:embedded pc imagesscope:ltversion:2014-10-22

Trust: 0.6

vendor:beckhoffmodel:automation device specification twincat componentsscope: - version: -

Trust: 0.6

vendor:embedded pc imagesmodel: - scope:eqversion: -

Trust: 0.4

vendor:twincatmodel: - scope:eqversion: -

Trust: 0.4

vendor:beckhoffmodel:twincatscope:eqversion:0

Trust: 0.3

vendor:beckhoffmodel:embedded pcscope:eqversion:0

Trust: 0.3

sources: IVD: 7d722f71-463f-11e9-8b02-000c29342cb1 // IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0 // CNVD: CNVD-2016-08764 // BID: 93349 // JVNDB: JVNDB-2014-008183 // CNNVD: CNNVD-201610-014 // NVD: CVE-2014-5415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5415
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-5415
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-08764
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201610-014
value: CRITICAL

Trust: 0.6

IVD: 7d722f71-463f-11e9-8b02-000c29342cb1
value: CRITICAL

Trust: 0.2

IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2014-5415
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-08764
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d722f71-463f-11e9-8b02-000c29342cb1
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2014-5415
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: 7d722f71-463f-11e9-8b02-000c29342cb1 // IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0 // CNVD: CNVD-2016-08764 // JVNDB: JVNDB-2014-008183 // CNNVD: CNNVD-201610-014 // NVD: CVE-2014-5415

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2014-008183 // NVD: CVE-2014-5415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-014

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201610-014

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008183

PATCH
title:Advisory 2014-002: ADS communication port allows password bruteforceurl:http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-002.pdf
Trust: 0.8
title:Advisory 2014-003: Recommendation to change default passwordsurl:http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-003.pdf
Trust: 0.8
title:Documentation about IPC Securityurl:https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf
Trust: 0.8
title:Advisory 2014-001: Potential misuse of several administrative servicesurl:http://ftp.beckhoff.com/download/document/ipc/industrial-pc/advisory-2014-001.pdf
Trust: 0.8
title:Patch for Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Component Security Bypass Vulnerability (CNVD-2016-08764)url:https://www.cnvd.org.cn/patchInfo/show/82316
Trust: 0.6
title:Beckhoff Embedded PC Image and Automation Device Specification TwinCAT Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64454
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-08764 // 
            
            
            
            JVNDB: JVNDB-2014-008183 // 
            
            
            
            CNNVD: CNNVD-201610-014

EXTERNAL IDS
db:NVDid:CVE-2014-5415
Trust: 3.7
db:ICS CERTid:ICSA-16-278-02
Trust: 3.3
db:BIDid:93349
Trust: 1.9
db:CNVDid:CNVD-2016-08764
Trust: 1.0
db:CNNVDid:CNNVD-201610-014
Trust: 1.0
db:JVNDBid:JVNDB-2014-008183
Trust: 0.8
db:IVDid:7D722F71-463F-11E9-8B02-000C29342CB1
Trust: 0.2
db:IVDid:0E4C5094-4469-481E-B710-FF49B9BC9BF0
Trust: 0.2
sources:
            
            
            IVD: 7d722f71-463f-11e9-8b02-000c29342cb1 // 
            
            
            
            IVD: 0e4c5094-4469-481e-b710-ff49b9bc9bf0 // 
            
            
            
            CNVD: CNVD-2016-08764 // 
            
            
            
            BID: 93349 // 
            
            
            
            JVNDB: JVNDB-2014-008183 // 
            
            
            
            CNNVD: CNNVD-201610-014 // 
            
            
            
            NVD: CVE-2014-5415

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-278-02
Trust: 3.3
url:http://www.securityfocus.com/bid/93349
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5415
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5415
Trust: 0.8
url:http://www.beckhoff.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-08764 // 
            
            
            
            BID: 93349 // 
            
            
            
            JVNDB: JVNDB-2014-008183 // 
            
            
            
            CNNVD: CNNVD-201610-014 // 
            
            
            
            NVD: CVE-2014-5415

CREDITS
Marko Schuba from FH Aachen University of Applied Sciences.
Trust: 0.3
sources:
            
            
            BID: 93349

SOURCES
db:IVDid:7d722f71-463f-11e9-8b02-000c29342cb1
db:IVDid:0e4c5094-4469-481e-b710-ff49b9bc9bf0
db:CNVDid:CNVD-2016-08764
db:BIDid:93349
db:JVNDBid:JVNDB-2014-008183
db:CNNVDid:CNNVD-201610-014
db:NVDid:CVE-2014-5415

LAST UPDATE DATE
2025-04-13T23:17:50.530000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-08764date:2016-10-13T00:00:00
db:BIDid:93349date:2016-10-10T00:04:00
db:JVNDBid:JVNDB-2014-008183date:2016-10-11T00:00:00
db:CNNVDid:CNNVD-201610-014date:2016-10-21T00:00:00
db:NVDid:CVE-2014-5415date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:IVDid:7d722f71-463f-11e9-8b02-000c29342cb1date:2016-10-13T00:00:00
db:IVDid:0e4c5094-4469-481e-b710-ff49b9bc9bf0date:2016-10-13T00:00:00
db:CNVDid:CNVD-2016-08764date:2016-10-13T00:00:00
db:BIDid:93349date:2016-10-04T00:00:00
db:JVNDBid:JVNDB-2014-008183date:2016-10-11T00:00:00
db:CNNVDid:CNNVD-201610-014date:2016-10-09T00:00:00
db:NVDid:CVE-2014-5415date:2016-10-05T10:59:01.280