QwikSec

Security Database

CVE

CWE

Training

CVE-2014-5415

Published: Oct 5, 2016

Modified: Nov 4, 2025

PUBLISHED

CVSS v3.1

9.1

CRITICAL

Description

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.

Vendor	Product	Versions
Beckhoff	Embedded PC Images	affected `0 - < October 22, 2014`
Beckhoff	TwinCAT Components featuring Automation Device Specification (ADS) communication	affected `All`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

vdb-entry

x_refsource_BID

https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf

https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf

https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.