CVE-2020-12494
Published: Jun 16, 2020
Modified: Aug 4, 2024
CVSS v3.1
5.3
Description
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.
| Vendor | Product | Versions |
|---|---|---|
Beckhoff | TwinCat Driver for Intel 8254x (Tcl8254x.sys) | affected unspecified - <= 3.1.0.3603 for TwinCAT 3.1 4024affected unspecified - <= 3.1.0.3512 for TwinCAT 3.1 4022affected unspecified - <= 2.11.0.2120 for TwinCAT 2.11 2350 |
Beckhoff | TwinCat Driver for Intel 8255x (Tcl8255x.sys) | affected unspecified - <= 3.1.0.3600 for TwinCAT 3.1 4024affected unspecified - <= 3.1.0.3500 for TwinCAT 3.1 4024affected unspecified - <= 2.11.0.2117 for TwinCAT 2.11 2350 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now