Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2020-12494

Disclosure Date: June 16, 2020
CVE-2020-12494
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
TwinCat Driver for Intel 8254x (Tcl8254x.sys) 3.1.0.3603 for TwinCAT 3.1 4024
TwinCat Driver for Intel 8254x (Tcl8254x.sys) 3.1.0.3512 for TwinCAT 3.1 4022
TwinCat Driver for Intel 8254x (Tcl8254x.sys) 2.11.0.2120 for TwinCAT 2.11 2350
TwinCat Driver for Intel 8255x (Tcl8255x.sys) 3.1.0.3600 for TwinCAT 3.1 4024
TwinCat Driver for Intel 8255x (Tcl8255x.sys) 3.1.0.3500 for TwinCAT 3.1 4024
TwinCat Driver for Intel 8255x (Tcl8255x.sys) 2.11.0.2117 for TwinCAT 2.11 2350
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Weaknesses

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis