Platform

Beckhoff

Pioneer of PC-based control technology. Products include CX Embedded PCs, AX5000 servo drives, EtherCAT I/O modules, and TwinCAT 3 software PLC.

https://www.beckhoff.com/ →

Total CVEs

Resources

CVEsCVEs SpecsTech Specs DocsTech Docs ImplImplementations ExamplesExamples

5 / 16

CVE-2020-20741CRITICAL

Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.

Jul 23, 2021

9.8

CVE-2019-16871CRITICAL

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

Dec 19, 2019

9.8

CVE-2017-16726CRITICAL

Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.

Jun 27, 2018

9.1

CVE-2014-5415CRITICAL

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.

Oct 5, 2016

9.1

CVE-2014-5414CRITICAL

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Oct 5, 2016

9.1

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2020-20741	CRITICAL	9.8	Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB…	Jul 23, 2021	›
CVE-2019-16871	CRITICAL	9.8	Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stati…	Dec 19, 2019	›
CVE-2017-16726	CRITICAL	9.1	Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in pro…	Jun 27, 2018	›
CVE-2014-5415	CRITICAL	9.1	Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp…	Oct 5, 2016	›
CVE-2014-5414	CRITICAL	9.1	Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp…	Oct 5, 2016	›

5 / 16

CVE-2020-20741CRITICAL

Jul 23, 2021

9.8

CVE-2019-16871CRITICAL

Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol.

Dec 19, 2019

9.8

CVE-2017-16726CRITICAL

Jun 27, 2018

9.1

CVE-2014-5415CRITICAL

Oct 5, 2016

9.1

CVE-2014-5414CRITICAL

Oct 5, 2016

9.1

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2020-20741	CRITICAL	9.8	Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB…	Jul 23, 2021	›
CVE-2019-16871	CRITICAL	9.8	Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stati…	Dec 19, 2019	›
CVE-2017-16726	CRITICAL	9.1	Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in pro…	Jun 27, 2018	›
CVE-2014-5415	CRITICAL	9.1	Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp…	Oct 5, 2016	›
CVE-2014-5414	CRITICAL	9.1	Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT comp…	Oct 5, 2016	›