Sign-up

ID

VAR-201912-1212


CVE

CVE-2019-16871


TITLE

Beckhoff Embedded Windows PLCs and Beckhoff Twincat Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013949

DESCRIPTION

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. Beckhoff Embedded Windows PLCs and Beckhoff Twincat Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Beckhoff TwinCAT is a set of programming software for programmable logic controllers (PLCs) from the German company Beckhoff. There are security holes in Beckhoff TwinCAT 2/3. An attacker could use the Beckhoff ADS protocol to exploit this vulnerability to execute code with SYSTEM permissions

Trust: 2.16

sources: NVD: CVE-2019-16871 // JVNDB: JVNDB-2019-013949 // CNVD: CNVD-2020-03120

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03120

AFFECTED PRODUCTS

vendor:beckhoffmodel:twincatscope:eqversion:3.1

Trust: 1.6

vendor:beckhoffmodel:twincatscope:eqversion:2.0

Trust: 1.6

vendor:beckhoffmodel:twincatscope:ltversion:3.1

Trust: 1.0

vendor:beckhoffmodel:twincatscope:gteversion:3.0

Trust: 1.0

vendor:beckhoff automationmodel:twincatscope: - version: -

Trust: 0.8

vendor:beckhoffmodel:twincatscope:eqversion:2/3

Trust: 0.6

vendor:beckhoffmodel:twincatscope:eqversion:3.0

Trust: 0.6

sources: CNVD: CNVD-2020-03120 // JVNDB: JVNDB-2019-013949 // CNNVD: CNNVD-201912-943 // NVD: CVE-2019-16871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16871
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16871
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03120
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-943
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-16871
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03120
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-16871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03120 // JVNDB: JVNDB-2019-013949 // CNNVD: CNNVD-201912-943 // NVD: CVE-2019-16871

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-013949 // NVD: CVE-2019-16871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-943

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-943

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013949

PATCH
title:Advisory 2017-001: ADS is only designed for use in protected environmentsurl:https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2017-001.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013949

EXTERNAL IDS
db:NVDid:CVE-2019-16871
Trust: 3.0
db:JVNDBid:JVNDB-2019-013949
Trust: 0.8
db:CNVDid:CNVD-2020-03120
Trust: 0.6
db:CNNVDid:CNNVD-201912-943
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03120 // 
            
            
            
            JVNDB: JVNDB-2019-013949 // 
            
            
            
            CNNVD: CNNVD-201912-943 // 
            
            
            
            NVD: CVE-2019-16871

REFERENCES
url:https://download.beckhoff.com/download/document/product-security/advisories/advisory-2017-001.pdf
Trust: 2.2
url:https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-16871
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16871
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03120 // 
            
            
            
            JVNDB: JVNDB-2019-013949 // 
            
            
            
            CNNVD: CNNVD-201912-943 // 
            
            
            
            NVD: CVE-2019-16871

SOURCES
db:CNVDid:CNVD-2020-03120
db:JVNDBid:JVNDB-2019-013949
db:CNNVDid:CNNVD-201912-943
db:NVDid:CVE-2019-16871

LAST UPDATE DATE
2024-11-23T22:51:32.556000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03120date:2020-01-22T00:00:00
db:JVNDBid:JVNDB-2019-013949date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201912-943date:2020-01-17T00:00:00
db:NVDid:CVE-2019-16871date:2024-11-21T04:31:14.783

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03120date:2020-01-22T00:00:00
db:JVNDBid:JVNDB-2019-013949date:2020-01-22T00:00:00
db:CNNVDid:CNNVD-201912-943date:2019-12-19T00:00:00
db:NVDid:CVE-2019-16871date:2019-12-19T21:15:13.573