ID
VAR-201911-0393
CVE
CVE-2019-5637
TITLE
Beckhoff TwinCAT Vulnerable to division by zero
Trust: 0.8
DESCRIPTION
When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior). Beckhoff TwinCAT Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. Beckhoff TwinCAT is a software system consisting of a real-time environment and a real-time system that executes control programs in the development environment of the German Beckhoff company. This system is mainly used for PLC (Programmable Logic Controller) programming, diagnostics, and system configuration. There are security vulnerabilities in Beckhoff TwinCAT 2 Build 2304 and earlier and 3.1 Build 4024.0 and earlier
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | beckhoff | model: | twincat | scope: | eq | version: | 3.1.4022.29 | Trust: 1.6 |
| vendor: | beckhoff | model: | twincat | scope: | eq | version: | 3.1.4022.30 | Trust: 1.6 |
| vendor: | beckhoff automation | model: | twincat | scope: | - | version: | - | Trust: 0.8 |
| vendor: | beckhoff | model: | twincat build | scope: | lte | version: | <=22304 | Trust: 0.6 |
| vendor: | beckhoff | model: | twincat build | scope: | lte | version: | <=3.14024.0 | Trust: 0.6 |
| vendor: | beckhoff | model: | twincat cx5140 | scope: | eq | version: | - | Trust: 0.6 |
| vendor: | beckhoff | model: | twincat cx2030 | scope: | eq | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-369 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
digital error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Beckhoff SecurityAdvisory 2019-07: Denial-of-Service on TwinCAT using Profinet protocol | url: | https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf | Trust: 0.8 |
| title: | Patch for Beckhoff TwinCAT Denial of Service Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/197593 | Trust: 0.6 |
| title: | Beckhoff TwinCAT Fixes for digital error vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104684 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-5637 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2019-012810 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2020-02830 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201911-1270 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-5637 | Trust: 2.0 |
| url: | https://download.beckhoff.com/download/document/product-security/advisories/advisory-2019-007.pdf | Trust: 1.6 |
| url: | https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/ | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5637 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2020-02830 |
| db: | JVNDB | id: | JVNDB-2019-012810 |
| db: | CNNVD | id: | CNNVD-201911-1270 |
| db: | NVD | id: | CVE-2019-5637 |
LAST UPDATE DATE
2024-11-23T23:11:38.238000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2020-02830 | date: | 2020-01-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012810 | date: | 2019-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-1270 | date: | 2020-02-11T00:00:00 |
| db: | NVD | id: | CVE-2019-5637 | date: | 2024-11-21T04:45:17.030 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2020-02830 | date: | 2020-01-19T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-012810 | date: | 2019-12-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201911-1270 | date: | 2019-11-21T00:00:00 |
| db: | NVD | id: | CVE-2019-5637 | date: | 2019-11-21T20:15:15.990 |