9.4
CVE-2014-5415
- EPSS 4.34%
- Veröffentlicht 05.10.2016 10:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginBeckhoff Embedded PC Images and TwinCAT Components Exposed Dangerous Method or Function
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Beckhoff ≫ Embedded Pc Images Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.34% | 0.899 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 9.4 | 10 | 9.2 |
AV:N/AC:L/Au:N/C:C/I:C/A:N
|
| ics-cert@hq.dhs.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
http://www.securityfocus.com/bid/93349
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02