Advisories

Our Security Advisories are intended to help our customers protect their Beckhoff Industrial PCs and Embedded PCs against certain effects. The following table provides an overview of the available advisories and includes a link to download the document.

These Security Advisories are also provided as an Advisories 1: RSS Feed.

If you suspect security vulnerabilities in one of our products, please inform us via the procedure described in Coordinated Disclosure.

Number

Title

Version

Language

Download

2021-002

Stack Overflow and XXE vulnerability in various OPC UA products

1.0

EN

Link

2021-001

DoS-Vulnerability for TwinCAT OPC UA Server and IPC Diagnostics UA Server

1.2

EN

Link

2020-003

Privilege Escalation through TwinCAT System Tray (TcSysUI.exe)

1.1

EN

Link

2020-002

EtherLeak in TwinCAT RT network driver

1.1

EN

Link

2020-01

BK9000 couplers - Denial of service inhibits function

1.0

EN

Link

2019-07

Denial-of-Service on TwinCAT using Profinet protocol

1.1

EN

Link

2019-06

CE Remote Display behaves incorrectly with wrong credentials

1.2

EN

Link

2019-05

Remote Code Execution in Remote Desktop Service ("Dejablue")

1.0

EN

Link

2019-04

ADS Discovery

1.1

EN

Link

2019-03

Remote Code Execution in Remote Desktop Service

1.4

EN

Link

2019-02

Microarchitectural Data Sampling (MDS) vulnerabilities

1.2

EN

Link

2019-01

Spectre-V2 and impact on application performance as well as TwinCAT compatibility

1.4

EN

Link

2018-02

Updates for OPC-UA components (Several Vulnerabilities)

1.0

EN

Link

2018-01

TwinCAT 2 and 3.1 Kernel Driver Privilege Escalation

1.1

EN

Link

2017-02

Add Route using "Encrypted Password" bases on fixed key

1.1

EN

Link

2017-01

ADS is only designed for use in protected environments

1.4

EN

Link

2015-001

Potential misuse of IPC Diagnostics version < 1.8 backend

1.1

EN

Link

2014-003

Recommendation to change default passwords

1.1

EN

Link

2014-002

ADS communication port allows password bruteforce

1.1

EN

Link

2014-001

Potential misuse of several administrative services

1.1

EN

Link