CVE-2017-16726 Vulnerability Details

  /     /     /  

CVE-2017-16726 Metadata Quick Info

CVE Published: 27/06/2018 | CVE Updated: 16/09/2024 | CVE Year: 2017
Source: icscert | Vendor: ICS-CERT | Product: Beckhoff TwinCAT
Status : PUBLISHED

---

CVE-2017-16726 Description

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: Improper Authorization CWE-285
Source: ICS-CERT

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).