CVE-2011-3486
Published: 2011-09-16
Priority: P3 · 42 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploit available
EPSS: 50.56% (98.8th percentile)
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beckhoff | twincat | <= 2.11.0.2004 | — |
| beckhoff | twincat | — | — |
| beckhoff | twincat | — | — |
| beckhoff | twincat | — | — |
| beckhoff | twincat | — | — |
Detection & IOCs
Bytes:
03 66 14 71 00 00 00 00 06 00 00 00 0a ff ff 02 01 01 10 27
- Detect crafted UDP packets to port 48899 targeting Beckhoff TwinCAT; the malicious payload begins with bytes 03 66 14 71 and is sent with a total size of 0x5fe bytes.
- Monitor for unexpected or high-volume UDP traffic destined for port 48899 on Windows hosts running TCATSysSrv.exe, which is the vulnerable process.
- An attacker with a low skill level can trigger the DoS; treat any anomalous UDP/48899 traffic as high-priority given the low exploitation difficulty.
- Firewall rules should block UDP port 48899 from untrusted networks as a compensating control if the patch cannot be applied immediately.
- Affected versions span TwinCAT 2.10, 2.11, and 2.11R2; ensure patch coverage includes all three release lines.
- Patch must be obtained directly from Beckhoff; contact [email protected] for the fix and installation instructions.
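The detection points above, written as a triage function over captured UDP datagram records. This is an added example, not code from the advisory or from any source indexed here; the record layout, the trusted-source list and the rate threshold are assumptions, and 0x5fe is treated as the UDP payload length.

```python
from collections import Counter
from typing import NamedTuple, Optional

TWINCAT_PORT = 48899                  # UDP port named in the advisory
PREFIX = bytes.fromhex("03661471")    # leading bytes quoted on this page
REPORTED_SIZE = 0x5FE                 # size quoted on this page (assumed: payload length)
RATE_THRESHOLD = 20                   # assumption: datagrams per source per capture window

class Datagram(NamedTuple):           # hypothetical record produced by a capture parser
    src: str
    dst_port: int
    payload: bytes

def classify(d: Datagram) -> Optional[str]:
    """Label one datagram; None means it is not addressed to UDP/48899."""
    if d.dst_port != TWINCAT_PORT:
        return None
    if d.payload.startswith(PREFIX):
        # Prefix plus reported size is the strongest match; the prefix alone
        # still deserves attention in case the sender varies the length.
        return "signature" if len(d.payload) == REPORTED_SIZE else "prefix-variant"
    return "other"

def triage(datagrams, trusted_sources, rate_threshold=RATE_THRESHOLD):
    """Return sorted, de-duplicated (source, reason) alerts for a capture window."""
    alerts = set()
    per_source = Counter()
    for d in datagrams:
        kind = classify(d)
        if kind is None:
            continue
        per_source[d.src] += 1
        if kind != "other":
            alerts.add((d.src, kind))              # alert even for trusted sources
        elif d.src not in trusted_sources:
            alerts.add((d.src, "untrusted-source"))
    for src, count in per_source.items():
        if count > rate_threshold:
            alerts.add((src, "high-volume"))
    return sorted(alerts)

# Constructed records: only the prefix and length match the page, the rest is filler.
SAMPLE = [
    Datagram("192.0.2.10", 48899, PREFIX + bytes(REPORTED_SIZE - len(PREFIX))),
    Datagram("192.0.2.11", 48899, PREFIX + bytes(16)),
    Datagram("10.0.0.5", 48899, b"\x01\x02\x03\x04"),    # trusted engineering host
    Datagram("198.51.100.7", 48899, b"\x01\x02"),
    Datagram("198.51.100.7", 53, PREFIX),                # wrong port, ignored
]
TRUSTED = {"10.0.0.5"}
```
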
CISA ICS
Beckhoff TwinCAT Read Access Violation
cisa_ics · 2011-09-13 · CVSS 5.0 · MEDIUM
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-11-279-04
## Overview
This Advisory is a follow-up to the Alert, ICS-ALERT-11-256-06—BECKHOFF TWINCAT READ ACCESS VIOLATION, that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) web page.
ICS-CERT is aware of a public report of a read access violation vulnerability in Beckhoff’s TwinCAT Software that could lead to a denial-of-service condition. Beckhoff has produced a patch to address this vulnerability in TwinCAT Software.
## Affect
GHSA
GHSA-74h6-2hgj-rvpx: Beckhoff TwinCAT 2
ghsa_unreviewed·2022-05-17
CVE-2011-3486 [MEDIUM] CWE-119 GHSA-74h6-2hgj-rvpx: Beckhoff TwinCAT 2
No detection rules found.
Exploit-DB
Beckhoff TwinCAT 2.11.0.2004 - Denial of Service
exploitdb·2011-09-14
CVE-2011-3486 Beckhoff TwinCAT 2.11.0.2004 - Denial of Service
---
#######################################################################
Luigi Auriemma
Application: Beckhoff TwinCAT
http://www.beckhoff.de/twincat/
Versions: <= 2.11.0.2004
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 13 Sep 2011
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
1) Introduction
From vendor's website:
"The Beckhoff TwinCAT software system turns almost any compatible PC
into a real-time controller with a multi-PLC system, NC axis control,
programming environment and operating station."
Exploit-DB
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
exploitdb·2011-03-10·CVSS 4.3
CVE-2010-3486 [MEDIUM] SmarterMail 7.3/7.4 - Multiple Vulnerabilities
---
Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me
Identified: October 28, 2010
Vendor: SmarterTools
Application: SmarterMail 7.x
Bug(s): Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS
Patch: The Vendor has released SmarterMail Version 8 at URI http://www.smartertools.com/Download.aspx?Product=SmarterMail&File=Installer&Version=8&Location=Primary
Timeline: Notify Vendor 10-28-2011 on Version 7.3 with respect to Stored XSS, other Vulns
Vendor updates to Version 7.4 on 12.30.2010, Notify Vendor of Stored XSS, other Vulns
Vendor updates to Version 8.0 on 3.10.2011
Publication: March 10, 2011 | Hoyt LLC Research publishes vulnerability information for
Metasploit
Beckhoff TwinCAT SCADA PLC 2.11.0.2004 DoS
metasploit
The Beckhoff TwinCAT version <= 2.11.0.2004 can be brought down by sending a crafted UDP packet to port 48899 (TCATSysSrv.exe).
No writeups or analysis indexed.
- http://aluigi.altervista.org/adv/twincat_1-adv.txt
- http://osvdb.org/75495
- http://securityreason.com/securityalert/8380
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-06.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69765