Beckhoff TwinCAT Denial-of-Service in Profinet driver

VDE-2019-019 (2019-10-09 09:25 UTC+0100)

CVE Identifier

CVE-2019-5637

Affected Vendors

Beckhoff

Affected Products

All TwinCAT versions equal to or below:

  • TwinCAT 2 Build 2304
  • TwinCAT 3.1 Build 4024.0

Vulnerability Type

Divide By Zero (CWE-369)

Summary

If TwinCAT is configured to use the Profinet driver, sending specially crafted packets to the device can cause a denial of service of the controller.

Impact

TwinCAT includes a Profinet driver, which can be configured in the engineering environment to use Profinet connections to the controller.

If this is configured and the controller is started, a specially crafted Profinet DCP packet sent to the TwinCAT device will lead to a denial of service of the device.

Operation can be resumed by restarting the device.

Solution

Profinet can be blocked at the perimeter firewall to prevent PROFINET DCP packets from untrusted networks from reaching the device.

Beckhoff will provide updates for the mentioned TwinCAT versions.
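
To verify that the firewall mitigation above holds, captured Ethernet frames on the controller's segment can be checked for PROFINET DCP traffic from senders outside an allowlist. The following is an added example, not part of the advisory or Beckhoff's code. The EtherType 0x8892 and the DCP FrameIDs 0xFEFC to 0xFEFF come from the PROFINET specification rather than this advisory, and the MAC addresses and sample frames are constructed.

```python
import struct

ETH_P_8021Q = 0x8100     # 802.1Q VLAN tag
ETH_P_PROFINET = 0x8892  # PROFINET EtherType (from the PROFINET spec)
DCP_FRAME_IDS = {0xFEFC: "Hello", 0xFEFD: "Get/Set",
                 0xFEFE: "Identify request", 0xFEFF: "Identify response"}

def classify_frame(frame: bytes):
    """Return (source MAC, DCP service) for a PROFINET DCP frame, else None."""
    if len(frame) < 14:
        return None
    src = frame[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    while ethertype == ETH_P_8021Q:          # step over VLAN tags
        if len(frame) < offset + 4:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype != ETH_P_PROFINET or len(frame) < offset + 2:
        return None
    (frame_id,) = struct.unpack_from("!H", frame, offset)
    kind = DCP_FRAME_IDS.get(frame_id)
    return (src, kind) if kind else None

def untrusted_dcp(frames, allowed_macs):
    """List DCP frames whose sender is not an allowlisted engineering host."""
    hits = (classify_frame(f) for f in frames)
    return [h for h in hits if h and h[0] not in allowed_macs]

# Constructed sample data: hypothetical MACs, payload bytes are zero padding.
ALLOWED_MACS = {"02:00:00:00:00:01"}
DST = bytes.fromhex("010ecf000000")          # PROFINET DCP multicast address
ENG, UNKNOWN = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")
PAD = bytes(12)
SAMPLE_FRAMES = [
    DST + ENG + b"\x88\x92" + b"\xfe\xfe" + PAD,                      # allowed Identify
    DST + UNKNOWN + b"\x81\x00\x00\x0a" + b"\x88\x92\xfe\xfd" + PAD,  # VLAN-tagged Get/Set
    DST + UNKNOWN + b"\x08\x06" + PAD,                                # ARP, not PROFINET
    DST + UNKNOWN + b"\x88\x92" + b"\x80\x00" + PAD,                  # PROFINET RT, not DCP
]

if __name__ == "__main__":
    for src, kind in untrusted_dcp(SAMPLE_FRAMES, ALLOWED_MACS):
        print(f"PROFINET DCP {kind} from non-allowlisted source {src}")
```

Because PROFINET DCP is carried directly in Ethernet frames, the check has to run on a capture taken from the same layer 2 segment as the controller.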

Reported by

Beckhoff Automation thanks Andreas Galauner from Rapid7 for support and efforts within coordinated disclosure.