{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Embedded PC Images","vendor":"Beckhoff","versions":[{"lessThan":"October 22, 2014","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"TwinCAT Components featuring Automation Device Specification (ADS) communication","vendor":"Beckhoff","versions":[{"status":"affected","version":"All"}]}],"credits":[{"lang":"en","type":"finder","value":"Gregor Bonney from FH Aachen University of Applied Sciences"}],"datePublic":"2016-10-04T06:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

"}],"value":"Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-307","description":"CWE-307","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-11-04T23:09:34.639Z"},"references":[{"name":"93349","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/93349"},{"url":"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf"},{"url":"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf"},{"url":"https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-16-278-02"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2016/icsa-16-278-02.json"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Beckhoff recommends in their IPC Security Manual \n(https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf)\n to use network and software firewalls to block all network ports except\n the ones that are needed. Beckhoff also recommends that default \npasswords be changed during commissioning before connecting systems to \nthe network.

\n

In their advisories (Advisory 2014-001: Potential \nmisuse of several administrative services, \nhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf. Advisory 2014-002: ADS communication port allows password bruteforce, \nhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf. Advisory2014-003: Recommendation to change default passwords, \nhttps://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf which were published November \n17, 2014) for these issues, Beckhoff also recommends the following \nmitigation solutions:

\n\n\n
"}],"value":"Beckhoff recommends in their IPC Security Manual \n( https://download.beckhoff.com/download/Document/ipc/industrial-pc/ipc_security_en.pdf )\n to use network and software firewalls to block all network ports except\n the ones that are needed. Beckhoff also recommends that default \npasswords be changed during commissioning before connecting systems to \nthe network.\n\n\nIn their advisories (Advisory 2014-001: Potential \nmisuse of several administrative services, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-001.pdf . Advisory 2014-002: ADS communication port allows password bruteforce, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-002.pdf . Advisory2014-003: Recommendation to change default passwords, \n https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2014-003.pdf  which were published November \n17, 2014) for these issues, Beckhoff also recommends the following \nmitigation solutions:\n\n\n\n * Update images to build October 22, 2014, or newer, which solve these problems by disabling the services by default.\n\n * Disable the Windows CE Remote Configuration Tool by deleting the \nsubtree “/remoteadmin.” The configuration of the web server paths can be\n found in the Windows registry at the path \n“HKEY_LOCAL_MACHINE\\COMM\\HTTPD\\VROOTS\\.”\n\n * Disable startup of CE Remote Display service (cerdisp.exe) with \ndeleting the registry key containing the “CeRDisp.exe” \n[-HKEY_LOCAL_MACHINE\\init\\Launch90].\n\n * Disable telnet by setting the registry key [HKEY_LOCAL_MACHINE\\Services\\TELNETD\\Flags] to dword: 4\n\n * Restrict ADS communication to trusted networks only."}],"source":{"advisory":"ICSA-16-278-02","discovery":"EXTERNAL"},"title":"Beckhoff Embedded PC Images and TwinCAT Components Improper Restriction of Excessive Authentication Attempts","x_generator":{"engine":"Vulnogram 0.5.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2014-5414","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"93349","refsource":"BID","url":"http://www.securityfocus.com/bid/93349"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T11:41:49.195Z"},"title":"CVE Program Container","references":[{"name":"93349","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/93349"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-278-02"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2014-5414","datePublished":"2016-10-05T10:00:00.000Z","dateReserved":"2014-08-22T00:00:00.000Z","dateUpdated":"2025-11-04T23:09:34.639Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}