Published: 08/06/2015 Updated: 31/12/2016

CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10

VMScore: 801

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Beckhoff IPC Diagnostics prior to 1.8 does not properly restrict access to functions in /config, which allows remote malicious users to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
beckhoff ipc diagnostics

This proof of concept exploit allows any attack to reboot any CX9020 PLC and add random (Web) users to be configured ...

Beckhoff IPC Diagnostics versions prior to 18 suffer from an authentication bypass vulnerability ...

CWE-284 http://seclists.org/fulldisclosure/2015/Jun/10 http://www.thesecurityfactory.be/permalink/beckhoff-authentication-bypass.html http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf http://www.securityfocus.com/bid/75042 http://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html http://packetstormsecurity.com/files/132168/Beckhoff-IPC-Diagnositcs-Authentication-Bypass.html https://nvd.nist.gov https://packetstormsecurity.com/files/134071/Beckoff-CX9020-CPU-Model-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4051

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect