CVE-2020-12526

Summary

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

Affected Software

VendorProductVersion RangeStatus
BeckhoffTwinCAT OPC UA Serverunspecified <= 2.3.0.12affected
BeckhoffIPC Diagnostics UA Serverunspecified <= 3.1.0.1affected
BeckhoffTF6100unspecified <= 3.3.18affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Consider disabling the IPC Diagnostics Server by stopping and disabling the corresponding Windows service or service. For example this can be achieved with the following PowerShell commands:

Stop-Service -Force -Name DevMgrSvr-UA Set-Service -Name DevMgrSvr-UA -StartupType Disabled

Alternatively consider limiting access to the TCP port the OPC UA server is listening on. This can happen with a dedicated firewall appliance which sits in front of an affected device. Alternatively at the device the Windows firewall can be configured to limit access to the TCP port.

ADP Enrichment

CVE Program Container

Additional References

References