ICS Beckhoff IPC diagnostics Multiple Authentication Bypass Vulnerabilities -1 (CVE-2015-4051)

Rule ID

1137708

Severity

High

Description

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

Impact

Remote command execution

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2015-4051

EDB-38514

T0819

T1190

Keywords

N/A

Date Created

2020/10/14

Last Updated

2024/06/03

This website uses cookies to ensure you get the best experience on our website.

Learn more