
ID

VDE-2020-005

Published

2020-03-10 14:17 (CET)

Last update

2020-03-10 14:17 (CET)

Vendor(s)

Beckhoff Automation GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
BK9000 all versions

Summary

The coupler’s function could be inhibited by an attack.


Weakness

Uncontrolled Resource Consumption (CWE-400)

Summary

A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting.


Impact

The coupler’s function could be inhibited by a denial of service attack. The coupler will not recover after the attack has stopped.
A reboot of the device recovers the operation.

Solution

Beckhoff will not change this behaviour.

Mitigation

Customers should configure a perimeter firewall to block traffic from untrusted networks to the device.
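
One way to express this mitigation on a Linux-based perimeter firewall that routes traffic towards the coupler, using nftables. This is an added example, not part of the Beckhoff advisory. The coupler address, the trusted network and the table name are placeholders chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example: restrict who may reach the BK9000 through this firewall.
# All addresses are placeholders from the documentation ranges; replace them
# with the real coupler address and the networks that must talk to it.

define COUPLER = 192.0.2.10            # placeholder: address of the BK9000
define TRUSTED = { 198.51.100.0/24 }   # placeholder: controllers / engineering hosts

table inet bk9000_guard {              # hypothetical table name
    chain forward {
        # Policy stays "accept" so only traffic to the coupler is affected.
        type filter hook forward priority 0; policy accept;

        # Hosts on the trusted network may reach the coupler.
        ip daddr $COUPLER ip saddr $TRUSTED accept

        # Anything else addressed to the coupler is untrusted. Log at a
        # limited rate so a flood cannot fill the logs.
        ip daddr $COUPLER limit rate 5/minute log prefix "bk9000-drop: "

        # Count and drop every remaining packet for the coupler.
        ip daddr $COUPLER counter drop
    }
}
```

The counter on the final rule shows how much traffic is being rejected. The rules only take effect for traffic that is routed through this firewall; hosts on the same network segment as the coupler are not filtered by it.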

Reported by

Beckhoff Automation thanks Martin Menschner from Rhebo GmbH for support and efforts within coordinated disclosure.
Beckhoff reported the vulnerability to CERT@VDE.