Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-5415

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.

Published

2016-10-05T10:59:01.280

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.1 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

9.2

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	beckhoff	embedded_pc_images	-	Yes
Application	beckhoff	twincat	-	Yes

References

http://www.securityfocus.com/bid/93349 ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/93349 (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)