CVE-2017-16726

EPSS 0.07%
Veröffentlicht 27.06.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:16:51
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Beckhoff ≫ Twincat Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.219

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-001.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16726

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16726

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16726

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-16726