What is the severity of CVE-2020-12526?

CVE-2020-12526 has a severity rating that indicates it can lead to denial of service attacks.

How do I fix CVE-2020-12526?

To fix CVE-2020-12526, update the TwinCAT OPC UA Server and IPC Diagnostics UA Server to their latest versions.

Which versions are affected by CVE-2020-12526?

CVE-2020-12526 affects TwinCAT OPC UA Server versions up to 2.3.0.12 and IPC Diagnostics UA Server versions up to 3.1.0.1.

What type of attack does CVE-2020-12526 enable?

CVE-2020-12526 enables attackers to perform denial of service attacks against the vulnerable OPC UA servers.

Who is affected by CVE-2020-12526?

Organizations using Beckhoff Automation OPC UA servers, specifically affected versions, are at risk from CVE-2020-12526.

Vulnerability/
CVE-2020-12526

medium

5.3

CWE

13/5/2021

16/9/2024

CVE-2020-12526: BECKHOFF: DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server

First published: Thu May 13 2021(Updated: )

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of these requests the OPC UA server is no longer responsive to any client. This is without effect to the real-time functionality of IPCs.

Credit: info@cert.vde.com

Affected Software	Affected Version	How to fix
Beckhoff IPC Diagnostics	<=3.1.0.1
Beckhoff Tf6100 Firmware	<=3.3.18
Beckhoff TwinCAT OPC UA Server	<=2.3.0.12

Remedy

For devices running Windows but not Windows CE or TwinCAT/BSD please get a recent version of the OPC UA servers through the conventional ways and update your system. For devices running Windows CE please request a recent image via Beckhoff’s support and apply it to your device. For the product CX8091 please use firmware version "CX8091_CE600_LF_v356f_TC211R3_B2306_v2" or later. Please note that the updated OPC UA server leaves less RAM available to your application on the CX8091.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-12526?
CVE-2020-12526 has a severity rating that indicates it can lead to denial of service attacks.
How do I fix CVE-2020-12526?
To fix CVE-2020-12526, update the TwinCAT OPC UA Server and IPC Diagnostics UA Server to their latest versions.
Which versions are affected by CVE-2020-12526?
CVE-2020-12526 affects TwinCAT OPC UA Server versions up to 2.3.0.12 and IPC Diagnostics UA Server versions up to 3.1.0.1.
What type of attack does CVE-2020-12526 enable?
CVE-2020-12526 enables attackers to perform denial of service attacks against the vulnerable OPC UA servers.
Who is affected by CVE-2020-12526?
Organizations using Beckhoff Automation OPC UA servers, specifically affected versions, are at risk from CVE-2020-12526.

agent/references
agent/type
agent/softwarecombine
agent/remedy
agent/weakness
agent/author
agent/title
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/beckhoff
canonical/beckhoff ipc diagnostics
version/beckhoff ipc diagnostics/3.1.0.1
canonical/beckhoff tf6100 firmware
version/beckhoff tf6100 firmware/3.3.18
canonical/beckhoff twincat opc ua server
version/beckhoff twincat opc ua server/2.3.0.12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.