Beckhoff Patches PoC Weakness

Friday, October 7, 2011 @ 04:10 PM gHale

Beckhoff has now produced a patch that addresses the vulnerability, which comes with proof-of-concept (PoC) exploit code, in TwinCAT, a SCADA/HMI product.

Services running on Port 48899\UDP are vulnerable, according to the report.

Beckhoff officials said the issue affects TwinCAT versions 2.10, 2.11 and 2.11R2.

Beckhoff TwinCAT is a software system capable of controlling multiple programmable logic controllers in a system. This system sees use in industries including manufacturing, energy, oil and gas, water and wastewater, electric utilities, renewable energies, and building automation. Beckhoff’s headquarters is in Verl, Germany.

Successful exploitation of this vulnerability could result in a denial-of-service, and it is remotely exploitable. In addition, an attacker with a low skill level can create the denial-of-service. A read access violation can occur when a specially crafted packet goes to Port 48899\UDP. The vulnerability is designated CVE-2011-3486 and has a CVSS base score of 5.0.

Beckhoff developed a patch to address this vulnerability and to obtain the patch and installation instructions, users should contact Beckhoff at

If the customer is unable to apply the patch, Beckhoff recommends that customers deploy a firewall and restrict traffic on the affected port (48899\UDP).
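One way to check that such a restriction is actually in effect is to audit the firewall log for datagrams that reached UDP port 48899 from outside the hosts meant to use it. The script below is an added example, not code from Beckhoff or the original report; the trusted subnet, the function name `audit` and the sample log lines (laid out in the Windows Firewall log field order) are constructed assumptions.

```python
import ipaddress

TWINCAT_PORT = 48899  # affected UDP port named in the article
# Assumption: hypothetical engineering subnet allowed to reach the port
TRUSTED = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample log (not real traffic), fields in Windows Firewall order:
# date time action protocol src-ip dst-ip src-port dst-port size
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2011-10-07 16:10:01 ALLOW UDP 192.168.10.5 192.168.10.20 51000 48899 60
2011-10-07 16:10:02 ALLOW UDP 10.20.30.40 192.168.10.20 40000 48899 60
2011-10-07 16:10:03 DROP UDP 203.0.113.9 192.168.10.20 40001 48899 60
2011-10-07 16:10:04 ALLOW TCP 10.20.30.40 192.168.10.20 40002 48899 60
2011-10-07 16:10:05 ALLOW UDP 10.20.30.40 192.168.10.20 40003 123 76
malformed line
"""

def audit(log_text, trusted=TRUSTED, port=TWINCAT_PORT):
    """Return (exposed, blocked): untrusted UDP senders to `port`,
    split by whether the firewall allowed or dropped the datagram."""
    exposed, blocked = [], []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue                      # skip blanks and the header
        f = line.split()
        if len(f) < 8:
            continue                      # skip truncated/malformed records
        action, proto, src, dport = f[2].upper(), f[3].upper(), f[4], f[7]
        if proto != "UDP" or dport != str(port):
            continue                      # only the affected service
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue                      # unparseable source address
        if any(addr in net for net in trusted):
            continue                      # expected engineering traffic
        (exposed if action == "ALLOW" else blocked).append((f[0], f[1], src))
    return exposed, blocked

if __name__ == "__main__":
    exposed, blocked = audit(SAMPLE_LOG)
    for date, time, src in exposed:
        print(f"firewall gap: {src} reached UDP/{TWINCAT_PORT} at {date} {time}")
    print(f"{len(blocked)} untrusted datagram(s) already dropped")
```

Any entry in the first list means the restriction on 48899\UDP is not yet covering that source network.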
