Beckhoff: Denial-of-Service vulnerability in the IPC-Diagnostics package included in TwinCAT/BSD operating system
Monitor | 5.5 | VDE-2024-049 | Aug 27, 2024
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
TwinCAT/BSD-based Beckhoff industrial PCs have a default-enabled web management interface (Beckhoff Device Manager UI). A local user with non-administrator credentials can submit specially crafted input to the interface, causing the MDPWebServer process to consume excessive CPU and RAM, degrading system availability and potentially halting automation processes. This is caused by improper input validation in the web server process (CWE-770: Allocation of Resources Without Limits or Throttling).
What this means
What could happen
An attacker with local access to a TwinCAT/BSD-based industrial PC could submit specially crafted input to the web management interface, causing the MDPWebServer process to consume excessive CPU and memory, degrading system performance or causing the PC to become unresponsive and potentially halting automation processes.
Who's at risk
This affects facility operators and engineers managing Beckhoff-based industrial automation controllers and IPCs (Industrial Personal Computers) running TwinCAT/BSD, including process automation systems in water treatment, power distribution, and manufacturing facilities. Any site using a Beckhoff IPC with the bundled diagnostics and management web interface is affected.
How it could be exploited
An attacker with local user account access to the TwinCAT/BSD system uses the Beckhoff Device Manager UI (web interface enabled by default) to submit specially crafted input that causes the MDPWebServer process to enter a resource-exhaustion loop, consuming CPU and RAM until the system becomes unresponsive.
Prerequisites
- Local user account credentials on the TwinCAT/BSD system
- Physical or network access to the local management network
- Ability to reach the web management interface (default enabled)
- Low attack complexity
- Low authentication complexity (non-admin local account)
- Local attack vector only
- Affects availability (denial of service)
- Default configuration enables vulnerability
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
IPC Diagnostics package <2.0.0.1 | <2.0.0.1 | 2.0.0.1
TwinCAT/BSD <14.1.2.0_153968 | <14.1.2.0 153968 | 14.1.2.0_153968
Remediation & Mitigation
Do now
- HARDENING: Disable the Beckhoff Device Manager UI web interface if remote management is not required; restrict access to local network only if remote access is needed
- HARDENING: Remove or disable non-administrator user accounts on the TwinCAT/BSD system; ensure all active accounts have strong passwords
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update IPC Diagnostics package to version 2.0.0.1 or later
- HOTFIX: Update TwinCAT/BSD to version 14.1.2.0_153968 or later
Long-term hardening
- HARDENING: Audit and remove any third-party applications running on the TwinCAT/BSD system that have not been formally validated
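
Until the fixed versions are installed, the symptom described in the summary (MDPWebServer consuming excessive CPU and RAM) can be watched for on the device. The following is an added example, not part of the advisory or of Beckhoff's tooling; the thresholds, the assumption that the process shows up as `MDPWebServer` in the `comm` column of `ps`, and the sample snapshot are all constructed assumptions.

```shell
#!/bin/sh
# Added example: alert on sustained MDPWebServer CPU/RAM use from ps samples.
CPU_LIMIT=80          # assumed threshold: summed %CPU
RSS_LIMIT_KB=524288   # assumed threshold: summed RSS, 512 MiB in KiB
SUSTAIN=3             # assumed: consecutive over-limit samples before alerting

# Read `ps -axo pid,pcpu,rss,comm` output on stdin and print
# "<cpu> <rss_kb>" summed over every process named MDPWebServer.
mdp_usage() {
    awk '$4 == "MDPWebServer" { cpu += $2; rss += $3 }
         END { printf "%d %d\n", cpu, rss }'
}

# Read one "<cpu> <rss_kb>" sample per line on stdin. Print ALERT when
# SUSTAIN consecutive samples exceed either limit, otherwise OK, so a
# single short spike does not page anyone.
mdp_check() {
    awk -v c="$CPU_LIMIT" -v r="$RSS_LIMIT_KB" -v n="$SUSTAIN" '
        { if ($1 > c || $2 > r) run++; else run = 0
          if (run >= n) hit = 1 }
        END { print (hit ? "ALERT" : "OK") }'
}

# Constructed ps snapshot (not captured from a real device).
sample_ps() {
    cat <<'EOF'
  PID %CPU    RSS COMMAND
  812 97.5 734208 MDPWebServer
  640  0.3  10240 sshd
  813  1.0  20480 MDPWebServer
EOF
}

# On a device, sample periodically, for example:
#   for i in 1 2 3; do ps -axo pid,pcpu,rss,comm | mdp_usage; sleep 10; done | mdp_check
sample_ps | mdp_usage    # prints: 98 754688
```

An ALERT from this check indicates the resource-exhaustion condition, not its cause; correlate it with web interface access logs for the local accounts before acting.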
CVEs (1)