Rapid7 researcher Andreas Galauner has discovered two vulnerabilities affecting the TwinCAT PLC environment. The first, CVE-2019-5637 describes a denial-of-service (DoS) condition resulting from a divide-by-zero error CWE-369 when processing a malformed UDP packet, and has a CVSSv3 base score of 7.5. The second, CVE-2019-5636, describes a DoS condition by removing a routing table after processing an empty UDP packet, and has a CVSSv3 base score of 5.3.
Credit
These issues were discovered by Andreas Galauner of Rapid7 and reported in accordance with Rapid7's vulnerability disclosure policy.
TwinCAT product description
TwinCAT is a PLC runtime developed by the company Beckhoff. It runs on top of Windows and extends the Windows kernel with real-time capabilities, a number of network protocol stacks for industrial fieldbuses, a runtime for programming languages defined in IEC 61131-3, and additional components for motion control.
This runtime is used to perform typical industrial control tasks for use in machines or other industrial processes. Different ..
Support the originator by clicking the read the rest link below.
){kind=link}