CVE-2017-16718
N/A
N/A
Summary
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ICS-CERT | Beckhoff TwinCAT | Version 3 | affected |
Weaknesses
- CWE-522: Insufficiently Protected Credentials CWE-522
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.