Some TwinCAT OPC UA Server and IPC Diagnostics UA Server versions from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

UPDATE A - 11.05.2021

Please note that some hardware products from Beckhoff are shipped with a TwinCAT OPC UA Server pre-installed. In some cases the server is enabled by default.

IPC Diagnostics UA Server (contained in Beckhoff’s Windows images)

  • server versions up to and including 3.1.0.1 are affected
  • Please note that IPC products from Beckhoff are shipped with an IPC Diagnostics UA Server pre-installed. In all cases the server is disabled by default.

The version numbers named above always refer to the version number which is accessible via OPC UA at the server via the standard OPC UA node /Objects/Server/ServerStatus/BuildInfo/SoftwareVersion and on Windows also as the file property "File version" of the file TcOpcUaServer.exe for TwinCAT OPC UA Server respectively the file DevMgrSvr-UA.exe for IPC Diagnostics UA Server.

UPDATE A - 11.05.2021

Please note that IPC products from Beckhoff are shipped with an IPC Diagnostics UA Server pre-installed. While on Windows CE it is disabled by default all other Windows images have it enabled by default.



Multiple issues have been identified in dnsmasq < 2.83



Feeds

By Vendor

Archive

2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0