BECKHOFF: BK9000 couplers - Denial of service inhibits function

VDE-2020-005 (2020-03-10 14:17 UTC+0100)

CVE Identifier

CVE-2020-9464

Affected Vendors

Beckhoff

Affected Products

BK9000 Ethernet TCP/IP Bus Coupler - all versions affected

Summary

The coupler’s function could be inhibited by an attack.

Impact

The coupler’s function could be inhibited by a denial of service attack. The coupler will not recover after the attack has stopped.
A reboot of the device recovers the operation.

Solution

Mitigation

Beckhoff will not change this behaviour.
Customers should configure a perimeter firewall to block traffic from untrusted networks to the device.

Reported by

Beckhoff Automation thanks Martin Menschner from Rhebo GmbH for support and efforts within coordinated disclosure.
Beckhoff reported the vulnerability to CERT@VDE.