CVE-2017-16718
First published: Wed Jun 27 2018(Updated: )
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Beckhoff TwinCAT Extended Automation Runtime | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-16718?
CVE-2017-16718 is classified as a high severity vulnerability due to potential unauthorized access to sensitive functions.
How do I fix CVE-2017-16718?
To fix CVE-2017-16718, ensure that the software is updated to the latest version provided by Beckhoff.
What type of devices are affected by CVE-2017-16718?
CVE-2017-16718 affects devices running Beckhoff TwinCAT 3.0, specifically in industrial automation environments.
What can attackers do with CVE-2017-16718?
Attackers exploiting CVE-2017-16718 may gain unauthorized access to communication routes configured over ADS.
Is there a patch available for CVE-2017-16718?
Yes, Beckhoff has released an advisory detailing the necessary patches to mitigate CVE-2017-16718.
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/event
- vendor/beckhoff
- canonical/beckhoff twincat extended automation runtime
- version/beckhoff twincat extended automation runtime/3.0