CVE-2020-12494 — MEDIUM (5.3)

Q: How severe is CVE-2020-12494?

CVE-2020-12494 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-12494?

Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Twincat Driver, Beckhoff Twincat, Intel 82540Em, Intel 82540Ep, Intel 82541Ei.

Vulnerability Description

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Beckhoff	Twincat Driver	<= 3.1.0.3603
Beckhoff	Twincat	3.1
Intel	82540Em	-
Intel	82540Ep	-
Intel	82541Ei	-
Intel	82541Er	-
Intel	82541Gi	-
Intel	82541Pi	-
Intel	82544Ei	-
Intel	82544Gc	-
Intel	82545Em	-
Intel	82545Gm	-
Intel	82546Eb	-
Intel	82546Gb	-
Intel	82547Ei	-
Intel	82547Gi	-
Intel	82547Ei	-
Intel	82557	-
Intel	82558	-
Intel	82559	-

Related Weaknesses (CWE)

CWE-459

References

https://cert.vde.com/en-us/advisories/vde-2020-019Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-019Third Party Advisory

FAQ

What is CVE-2020-12494?

CVE-2020-12494 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionali...

How severe is CVE-2020-12494?

CVE-2020-12494 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12494?

Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Twincat Driver, Beckhoff Twincat, Intel 82540Em, Intel 82540Ep, Intel 82541Ei.