Improper Access Restriction in Beckhoff IPC Diagnostics before 1.8

Improper Access Restriction in Beckhoff IPC Diagnostics before 1.8

CVE-2015-4051 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:C

Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.

Learn more about our Api Penetration Testing.