The Beckhoff TwinCAT SCADA/Human Machine Interface (HMI) product contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to insufficient validation of user-supplied input by the affected software while handling UDP requests. The affected software listens for UDP requests on port 48899 and may perform read operations whose parameters are taken directly from the attacker-controlled request, resulting in memory corruption.
An unauthenticated, remote attacker could exploit the vulnerability by sending crafted UDP requests to the affected system; no session or credentials are required. Processing these requests could cause the affected software to terminate unexpectedly, resulting in a DoS condition on the system.
Proof-of-concept code that exploits the vulnerability is publicly available.
Administrators are advised to restrict network access to affected systems to trusted hosts, and in particular to filter UDP port 48899 at network boundaries. Because the vulnerable service is reached over UDP, the source address of a request can be spoofed; an allow-list based on source address reduces exposure but is not a substitute for the vendor patch.
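The following is an added example, not code from the original alert or from Beckhoff, that shows one way to audit the "trusted hosts only" mitigation: it scans firewall log lines for UDP datagrams sent to port 48899 (the port named in the alert) from sources outside an assumed trusted engineering network. The log format, the trusted network 10.10.0.0/24, and the sample lines are all constructed for the example.

```python
import ipaddress
import re

# Port on which the affected TwinCAT software receives UDP requests (from the alert).
TWINCAT_UDP_PORT = 48899

# Assumed trusted engineering/HMI network; replace with the site's own address plan.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]

# Constructed sample firewall log lines in a simplified key=value format.
# Not real Beckhoff or Cisco output.
SAMPLE_LOG = """\
ts=2011-09-20T10:01:02Z proto=udp src=10.10.0.15 sport=50012 dst=10.10.0.5 dport=48899 bytes=64
ts=2011-09-20T10:01:03Z proto=udp src=192.0.2.44 sport=4444 dst=10.10.0.5 dport=48899 bytes=900
ts=2011-09-20T10:01:04Z proto=tcp src=192.0.2.44 sport=4445 dst=10.10.0.5 dport=48899 bytes=120
ts=2011-09-20T10:01:05Z proto=udp src=198.51.100.7 sport=1 dst=10.10.0.5 dport=48899 bytes=1400
ts=2011-09-20T10:01:06Z proto=udp src=10.10.0.15 sport=50013 dst=10.10.0.5 dport=48899 bytes=1400
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict of string fields."""
    return dict(FIELD_RE.findall(line))


def is_trusted(src_ip):
    """True if the source address lies inside one of the trusted networks."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_untrusted_twincat_udp(log_text):
    """Return the parsed records for UDP datagrams to the TwinCAT port
    that did not originate from a trusted network."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("proto") != "udp":
            continue  # only the UDP listener is affected
        if int(rec.get("dport", 0)) != TWINCAT_UDP_PORT:
            continue
        if is_trusted(rec.get("src", "0.0.0.0")):
            continue
        hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Count flagged datagrams per untrusted source address."""
    counts = {}
    for rec in hits:
        counts[rec["src"]] = counts.get(rec["src"], 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_untrusted_twincat_udp(SAMPLE_LOG)
    for src, n in summarize_by_source(flagged).items():
        print(f"untrusted source {src} sent {n} UDP datagram(s) to port {TWINCAT_UDP_PORT}")
```

Any hit is worth investigating, since the alert requires no authentication and public proof-of-concept code exists; note that a spoofed source address inside the trusted range would not be caught by this check, which is why boundary filtering and the vendor patch remain necessary.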
Beckhoff customers are advised to acquire the patches through normal Beckhoff support channels.
US-CERT has released security advisories at the following links: ICS-ALERT-11-256-06 and ICSA-11-279-04.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address multiple SCADA product vulnerabilities disclosed in September 2011. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Identifying and Mitigating the SCADA Security Activity Bulletin Vulnerabilities.