Share: Email | Twitter

ID

VDE-2019-019

Published

2019-10-09 09:25 (CEST)

Last update

2021-09-07 10:50 (CEST)

Vendor(s)

Beckhoff Automation GmbH & Co. KG

Product(s)

<= TwinCAT 2 Build 2304
<= TwinCAT 3.1 Build 4024.0

Summary

In case TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending special packets to the device.


Weakness

Divide By Zero  (CWE-369) 

Summary

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Impact

TwinCAT includes a Profinet driver, which could be configured in the engineering environment to use Profinet connections to the controller.

In case this is configured and the controller is started, a specially crafted Profinet DCP packet could be sent to the TwinCAT device, which will lead to a denial of service of the device.

Operation can be resumed by restarting the device.

Solution

Profinet could be blocked in perimeter firewall to block PROFINET DCP packets from untrusted networks to the device.

Beckhoff will provide updates for the mentioned TwinCAT Versions.

Reported by

Beckhoff Automation thanks Andreas Galauner from Rapid7 for support and efforts within coordinated disclousure.