{"containers": {"cna": {"affected": [{"product": "TwinCAT 2", "vendor": "Beckhoff", "versions": [{"lessThanOrEqual": "2304", "status": "affected", "version": "2304", "versionType": "custom"}]}, {"product": "TwinCAT 3.1", "vendor": "Beckhoff", "versions": [{"lessThanOrEqual": "4204.0", "status": "affected", "version": "4204.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "datePublic": "2019-10-08T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-04T22:58:40.000Z", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"}], "source": {"advisory": "R7-2019-32", "discovery": "EXTERNAL"}, "title": "Beckhoff TwinCAT Discovery Service Denial of Service", "x_generator": {"engine": "Vulnogram 0.0.8"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2019-10-08T14:05:00.000Z", "ID": "CVE-2019-5636", "STATE": "PUBLIC", "TITLE": "Beckhoff TwinCAT Discovery Service Denial of Service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TwinCAT 2", "version": {"version_data": [{"version_affected": "<=", "version_name": "2304", "version_value": "2304"}]}}, {"product_name": "TwinCAT 3.1", "version": {"version_data": [{"version_affected": "<=", "version_name": "4204.0", "version_value": "4204.0"}]}}]}, "vendor_name": "Beckhoff"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."}]}, "generator": {"engine": "Vulnogram 0.0.8"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-404 Improper Resource Shutdown or Release"}]}]}, "references": {"reference_data": [{"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf", "refsource": "CONFIRM", "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"}, {"name": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/", "refsource": "MISC", "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"}]}, "source": {"advisory": "R7-2019-32", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.163Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5636", "datePublished": "2019-11-21T19:16:12.913Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2024-09-17T03:18:42.935Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:twincat:2.0:build2304:*:*:*:*:*:*", "matchCriteriaId": "CB711A2C-9F84-4462-82C8-296C51CC2F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build4024.0:*:*:*:*:*:*", "matchCriteriaId": "BB46CCC9-4BF8-43CC-A382-5287F432DC9B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."}, {"lang": "es", "value": "Cuando un Beckhoff TwinCAT Runtime recibe un paquete UDP con formato incorrecto, el servicio de descubrimiento de ADS se cierra. Tenga en cuenta que los dispositivos TwinCAT siguen funcionando normalmente. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."}], "id": "CVE-2019-5636", "lastModified": "2024-11-21T04:45:16.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-21T20:15:15.897", "references": [{"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"}, {"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}