Beckhoff: TwinCAT Denial-of-Service in Profinet driver

Monitor | CVSS 7.5 | VDE-2019-019 | Oct 9, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The TwinCAT Profinet driver contains a denial-of-service vulnerability (CWE-369, division by zero or a similar arithmetic error). When the Profinet driver processes specially crafted DCP packets, the TwinCAT controller crashes, disrupting operations. It affects TwinCAT versions 2304 and earlier, and 4204.0 and earlier, when Profinet is configured. Beckhoff has not yet released patches for these versions.

What this means
What could happen
An attacker on the network can crash the TwinCAT controller by sending malformed Profinet packets, causing loss of control over connected industrial processes until the controller restarts.
Who's at risk
Water utilities and power distributors using Beckhoff TwinCAT controllers with Profinet communication enabled. This affects any facility where TwinCAT automates pump stations, treatment processes, distribution pumps, or power control systems that rely on Profinet for device communication.
How it could be exploited
An attacker sends specially crafted Profinet DCP (Discovery and Configuration Protocol) packets to the network port where TwinCAT is listening. The Profinet driver crashes when processing these packets, causing the entire controller to stop responding. No authentication or user interaction is required.
Prerequisites
  • Network access to the TwinCAT controller on the Profinet port
  • TwinCAT Profinet driver enabled in the controller configuration
remotely exploitable, no authentication required, low complexity, no patch available, affects industrial control
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
TwinCAT <=4204.0 | ≤ 4204.0 | No fix (EOL)
TwinCAT <=2304 | ≤ 2304 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Block PROFINET DCP packets from untrusted networks to the TwinCAT controller using perimeter firewall rules (typically UDP port 34962)
WORKAROUND: Disable the Profinet driver in TwinCAT if not required for your process
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor Beckhoff security advisories and apply firmware updates when patches become available
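
An added example, not part of the advisory or any Beckhoff tooling, for checking the first workaround: it flags Profinet traffic that reaches the controller from senders not on an allowlist. It matches the UDP port the workaround names and also DCP as carried directly in Ethernet frames (EtherType 0x8892, frame IDs 0xFEFC to 0xFEFF), which goes beyond the text; the function names and all MAC and IP values are constructed for illustration.

```python
import struct

PROFINET_ETHERTYPE = 0x8892             # PROFINET carried directly over Ethernet
DCP_FRAME_IDS = range(0xFEFC, 0xFF00)   # DCP Hello, Get/Set, Identify request/response
PROFINET_UDP_PORT = 34962               # UDP port named in the workaround

def classify(frame):
    """Return 'dcp', 'udp-34962' or None for one raw Ethernet frame."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q tag: real EtherType follows it
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype == PROFINET_ETHERTYPE and len(frame) >= off + 2:
        frame_id = struct.unpack_from("!H", frame, off)[0]
        return "dcp" if frame_id in DCP_FRAME_IDS else None
    if ethertype == 0x0800 and len(frame) >= off + 20:
        ihl = (frame[off] & 0x0F) * 4
        frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF  # later fragments lack a UDP header
        if ihl >= 20 and frame[off + 9] == 17 and frag == 0 and len(frame) >= off + ihl + 8:
            if struct.unpack_from("!H", frame, off + ihl + 2)[0] == PROFINET_UDP_PORT:
                return "udp-34962"
    return None

def untrusted_profinet(frames, controller_mac, allowed_src):
    """(src MAC, kind) for Profinet frames sent to the controller, or multicast, by unlisted senders."""
    alerts = []
    for f in frames:
        kind, dst, src = classify(f), f[0:6], f[6:12]
        if kind and (dst == controller_mac or dst[0] & 1) and src not in allowed_src:
            alerts.append((src.hex(":"), kind))
    return alerts

# Constructed sample frames (not captured traffic); all MAC and IP values are placeholders.
CONTROLLER, ENGINEERING, UNKNOWN = (bytes.fromhex("0200000000" + x) for x in ("01", "10", "ee"))
DCP_MCAST = bytes.fromhex("010ecf000000")
IP_UDP = struct.pack("!BBHHHBBH4s4sHHHH", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), 49152, 34962, 8, 0)
SAMPLE = [
    DCP_MCAST + ENGINEERING + b"\x88\x92\xfe\xfe" + bytes(42),               # listed sender
    DCP_MCAST + UNKNOWN + b"\x88\x92\xfe\xfe" + bytes(42),                   # unlisted, untagged DCP
    CONTROLLER + UNKNOWN + b"\x81\x00\xc0\x00\x88\x92\xfe\xfd" + bytes(42),  # unlisted, VLAN-tagged DCP
    CONTROLLER + UNKNOWN + b"\x08\x00" + IP_UDP,                             # unlisted, UDP 34962
    CONTROLLER + UNKNOWN + b"\x88\x92\x80\x00" + bytes(42),                  # frame ID outside DCP range
]

if __name__ == "__main__":
    for src, kind in untrusted_profinet(SAMPLE, CONTROLLER, {ENGINEERING}):
        print(f"ALERT {kind} from unlisted sender {src}")
```

Frames with EtherType 0x8892 are not routed, so an IP perimeter firewall never sees them; this check belongs on a mirror port or capture point inside the controller's own Ethernet segment.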