Vulnerability Description
Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beckhoff | Twincat | >= 3.0, < 3.1 |
Related Weaknesses (CWE)
References
- https://download.beckhoff.com/download/document/product-security/Advisories/adviVendor Advisory
- https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648ExploitThird Party Advisory
- https://download.beckhoff.com/download/document/product-security/Advisories/adviVendor Advisory
- https://www.ic4.be/2019/12/18/beckhoff-cve-2019-16871/#more-648ExploitThird Party Advisory
FAQ
What is CVE-2019-16871?
CVE-2019-16871 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.
How severe is CVE-2019-16871?
CVE-2019-16871 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-16871?
Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Twincat.