cbcvebase.
CVE-2011-3486
published 2011-09-16

CVE-2011-3486: Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an…

PriorityP342medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
50.56%
98.8th percentile
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.

Affected

5 ranges
VendorProductVersion rangeFixed in
beckhofftwincat<= 2.11.0.2004
beckhofftwincat
beckhofftwincat
beckhofftwincat
beckhofftwincat

Detection & IOCsextracted from sources · hover to see the quote

port48899/UDP
processTCATSysSrv.exe
bytes
03 66 14 71 00 00 00 00 06 00 00 00 0a ff ff 02 01 01 10 27
  • Detect crafted UDP packets to port 48899 targeting Beckhoff TwinCAT; the malicious payload begins with bytes 03 66 14 71 and is sent with a total size of 0x5fe bytes.
  • Monitor for unexpected or high-volume UDP traffic destined for port 48899 on Windows hosts running TCATSysSrv.exe, which is the vulnerable process.
  • An attacker with a low skill level can trigger the DoS; treat any anomalous UDP/48899 traffic as high-priority given the low exploitation difficulty.
  • ·Firewall rules should block UDP port 48899 from untrusted networks as a compensating control if the patch cannot be applied immediately.
  • ·Affected versions span TwinCAT 2.10, 2.11, and 2.11R2; ensure patch coverage includes all three release lines.
  • ·Patch must be obtained directly from Beckhoff; contact [email protected] for the fix and installation instructions.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.