Summary
In case TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending special packets to the device.
Impact
TwinCAT includes a Profinet driver, which could be configured in the engineering environment to use Profinet connections to the controller.
In case this is configured and the controller is started, a specially crafted Profinet DCP packet could be sent to the TwinCAT device, which will lead to a denial of service of the device.
Operation can be resumed by restarting the device.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| TwinCAT <=2304 | TwinCAT <=2304 | |
| TwinCAT <=4204.0 | TwinCAT <=4204.0 |
Vulnerabilities
Expand / Collapse allWhen Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).
Remediation
Profinet could be blocked in perimeter firewall to block PROFINET DCP packets from untrusted networks to the device.
Beckhoff will provide updates for the mentioned TwinCAT Versions.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 10/09/2019 12:00 | Initial revision. |
| 2 | 11/06/2024 12:27 | Fix: correct certvde domain, added self-reference |
| 3 | 04/11/2025 09:00 | Fix: version range |
| 4 | 05/14/2025 15:00 | Fix: added distribution |