Vulnerability Description
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beckhoff | Ipc Diagnostics Ua Server | <= 3.1.0.1 |
| Beckhoff | Tf6100 | <= 3.3.18 |
| Beckhoff | Twincat Opc Ua Server | <= 2.3.0.12 |
Related Weaknesses (CWE)
References
- https://cert.vde.com/en-us/advisories/vde-2020-051Third Party Advisory
- https://download.beckhoff.com/download/Document/product-security/Advisories/adviVendor Advisory
- https://cert.vde.com/en-us/advisories/vde-2020-051Third Party Advisory
- https://download.beckhoff.com/download/Document/product-security/Advisories/adviVendor Advisory
FAQ
What is CVE-2020-12526?
CVE-2020-12526 is a vulnerability with a CVSS score of 5.3 (MEDIUM). TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacke...
How severe is CVE-2020-12526?
CVE-2020-12526 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12526?
Check the references section above for vendor advisories and patch information. Affected products include: Beckhoff Ipc Diagnostics Ua Server, Beckhoff Tf6100, Beckhoff Twincat Opc Ua Server.