Beckhoff Twincat Exposure of Sensitive Information to an Unauthorized Actor

medium Tenable.ot Plugin ID 500466

Description

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x provides EtherCAT functionality and implements real-time features. Except for Ethernet frames sent by the real-time functionality, Ethernet frames sent through the driver are not padded when their payload is smaller than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted in the padding bytes of the frame. Most likely this memory contains slices of previously transmitted or received frames. Memory content is disclosed this way, but an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small ICMP echo requests sent to the device.
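A check for the symptom described above, added here as an example (it is not Tenable or Beckhoff code): it extracts the bytes that follow the IPv4 datagram in a captured Ethernet frame and reports whether that padding is all zero. The function names, the sample addresses and the sample frames are constructed for illustration, and the frames are assumed to be captured without the FCS.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100


def trailing_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETHERTYPE_VLAN:              # skip a single 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    if len(frame) < offset + 20:
        raise ValueError("truncated IPv4 header")
    (total_len,) = struct.unpack_from("!H", frame, offset + 2)
    end = offset + total_len
    if total_len < 20 or end > len(frame):
        raise ValueError("IPv4 total length inconsistent with capture")
    return frame[end:]                           # everything past the datagram


def classify(frame: bytes) -> str:
    """Label a frame by the content of its Ethernet padding."""
    pad = trailing_padding(frame)
    if not pad:
        return "no-padding"
    return "zero-padding" if pad.count(0) == len(pad) else "nonzero-padding"


def sample_frame(pad: bytes) -> bytes:
    """Constructed ICMP echo reply with a 1-byte payload (checksums left at 0)."""
    eth = bytes.fromhex("020000000001" "020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    icmp = bytes([0, 0, 0, 0]) + struct.pack("!HH", 1, 1) + b"A"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + icmp + pad                 # 43 bytes before padding


if __name__ == "__main__":
    for pad in (bytes(17), b"residue-from-buf!"):   # constructed padding samples
        print(classify(sample_frame(pad)), trailing_padding(sample_frame(pad)))
```

Frames should come from a tap or the receiving host, since a capture taken on the sending host may not include the padding that appears on the wire.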

Solution

Refer to the vendor advisory for security updates.

See Also

https://cert.vde.com/en-us/advisories/vde-2020-019

Plugin Details

Severity: Medium

ID: 500466

Version: 1.0

Type: local

Family: SCADA

Published: 8/10/2021

Updated: 8/10/2021

Risk Information

CVSS Score Source: CVE-2020-12494

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:2.3:a:beckhoff:twincat:*:*:*:*:*:*:*:*, cpe:2.3:a:beckhoff:twincat_driver:*:*:*:*:*:*:*:*

Patch Publication Date: 6/16/2020

Vulnerability Publication Date: 6/16/2020

Reference Information

CVE: CVE-2020-12494