NuytsTech Security

CVE-2015-4051

by ·

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

Date published : 2015-06-08

http://www.securityfocus.com/bid/75042

http://ftp.beckhoff.com/download/document/IndustPC/Advisory-2015-001.pdf

Tags: