Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2020-12494 : Exploit Details and Defense Strategies

Learn about CVE-2020-12494, a vulnerability in Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x, potentially leading to memory content disclosure. Find mitigation steps and preventive measures here.

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is vulnerable to an Etherleak issue that can lead to memory content disclosure.

Understanding CVE-2020-12494

This CVE involves a vulnerability in Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x, potentially exposing memory content.

What is CVE-2020-12494?

The vulnerability in the TwinCAT RT network driver allows arbitrary memory content to be transmitted within Ethernet frames, leading to potential memory disclosure.

The Impact of CVE-2020-12494

The vulnerability could result in the disclosure of memory content, although the attacker may have limited control over the specific content affected.

Technical Details of CVE-2020-12494

This section provides more in-depth technical details about the vulnerability.

Vulnerability Description

The driver fails to pad Ethernet frames with insufficient payload, leading to the transmission of arbitrary memory content in the padding bytes.

Affected Systems and Versions

        TwinCat Driver for Intel 8254x: Versions <= 3.1.0.3603 for TwinCAT 3.1 4024, <= 3.1.0.3512 for TwinCAT 3.1 4022, <= 2.11.0.2120 for TwinCAT 2.11 2350
        TwinCat Driver for Intel 8255x: Versions <= 3.1.0.3600 for TwinCAT 3.1 4024, <= 3.1.0.3500 for TwinCAT 3.1 4024, <= 2.11.0.2117 for TwinCAT 2.11 2350

Exploitation Mechanism

The vulnerability can be exploited by sending small ICMP echo requests to the device, triggering the disclosure of memory content.

Mitigation and Prevention

Steps to address and prevent the CVE-2020-12494 vulnerability.

Immediate Steps to Take

        Consider re-configuring to use the Intel driver if real-time communication is not required
        Configure a perimeter firewall to block traffic from untrusted networks, especially ICMP and small Ethernet frames

Long-Term Security Practices

        Regularly update and patch affected software versions

Patching and Updates

Beckhoff offers software patches for TwinCAT 3.1 and TwinCAT 2.11 upon request, which will be included in future regular releases.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now