CVE-2017-16718 - OpenCVE

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Beckhoff	Twincat

Configuration 1 [-]

cpe:2.3:a:beckhoff:twincat:3.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-06-27T19:00:00Z

Updated: 2024-09-16T17:28:00.754Z

Reserved: 2017-11-09T00:00:00

Link: CVE-2017-16718

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-27T19:29:00.233

Modified: 2019-10-09T23:25:14.113

Link: CVE-2017-16718

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Beckhoff TwinCAT", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "Version 3"}]}], "datePublic": "2018-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "Insufficiently Protected Credentials CWE-522", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-27T18:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-06-27T00:00:00", "ID": "CVE-2017-16718", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Beckhoff TwinCAT", "version": {"version_data": [{"version_value": "Version 3"}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficiently Protected Credentials CWE-522"}]}]}, "references": {"reference_data": [{"name": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf", "refsource": "MISC", "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:35:20.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16718", "datePublished": "2018-06-27T19:00:00Z", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-09-16T17:28:00.754Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:twincat:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "934FE489-5AC5-4BD9-B301-25C6FCC14206", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added."}, {"lang": "es", "value": "Beckhoff TwinCAT 3 soporta comunicaciones mediante ADS. ADS es un protocolo para la automatizaci\u00f3n industrial en entornos protegidos. Este protocolo emplea rutas configuradas que pueden ser editadas de forma remota mediante ADS. Este comando especial soporta la autenticaci\u00f3n cifrada con un nombre de usuario y una contrase\u00f1a. El cifrado emplea una clave fija que podr\u00eda ser extra\u00edda por un atacante. Una precondici\u00f3n para la explotaci\u00f3n de esta debilidad es contar con acceso de red en el momento en el que se a\u00f1ade una ruta."}], "id": "CVE-2017-16718", "lastModified": "2019-10-09T23:25:14.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-27T19:29:00.233", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2017-002.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}