CVE-2019-5636

{"id": "CVE-2019-5636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@rapid7.con", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-11-21T20:15:15.897", "references": [{"url": "https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@rapid7.con"}, {"url": "https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-004.pdf", "tags": ["Vendor Advisory"], "source": "cve@rapid7.con"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-404"}]}, {"type": "Secondary", "source": "cve@rapid7.con", "description": [{"lang": "en", "value": "CWE-404"}]}], "descriptions": [{"lang": "en", "value": "When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the ADS Discovery Service shuts down. Note that the TwinCAT devices are still performing as normal. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior)."}, {"lang": "es", "value": "Cuando un Beckhoff TwinCAT Runtime recibe un paquete UDP con formato incorrecto, el servicio de descubrimiento de ADS se cierra. Tenga en cuenta que los dispositivos TwinCAT siguen funcionando normalmente. Este problema afecta a TwinCAT 2 versi\u00f3n 2304 (y anterior) y TwinCAT 3.1 versi\u00f3n 4204.0 (y anterior)."}], "lastModified": "2020-02-04T23:15:10.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:beckhoff:twincat:2.0:build2304:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB711A2C-9F84-4462-82C8-296C51CC2F60"}, {"criteria": "cpe:2.3:a:beckhoff:twincat:3.1:build4024.0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB46CCC9-4BF8-43CC-A382-5287F432DC9B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.con"}