Rhebo discovers new vulnerability in Beckhoff industrial component

  • Rhebo has discovered a vulnerability in common industrial device
  • Vulnerability enables DoS attack
  • Beckhoff released Security Advisory

Leipzig/Verl, Germany, April 28, 2020 – Rhebo has discovered a previously unknown vulnerability in a common industrial component from Beckhoff, which can lead to device failures and malfunction of the related industrial equipment. The device is used in industrial companies and critical infrastructures. 

The vulnerability concerns the bus coupler type BK9000. This is used in Industrial Control Systems to translate from Modbus/TCP to the Beckhoff-specific K-bus and thus read physical sensors or control actuators. Using the vulnerability identified by Rhebo, hackers can cause the device to crash via a denial of service attack (DoS). The bus coupler is then no longer addressable, even when the attack is over. This prevents further communication through the device, which can lead to process interruptions and system downtimes. A manual restart is required. The vulnerability is listed in the Common Vulnerabilities & Exposures database as CVE-2020-9464. Beckhoff published a Security Advisory on the vulnerability on 9 March 2020. Since the behaviour of the bus coupler cannot be changed at present, Beckhoff recommends the appropriate installation of a perimeter firewall. In addition, Rhebo recommends network monitoring in order to detect the possible exploitation of the vulnerability at an early stage.

»Vulnerabilities are still common in industrial equipment and will continue to be,« explains Martin Menschner, Chief Technology Officer at Rhebo. »I think we are only seeing the tip of the iceberg so far. Therefore, it is all the more important that vendors of industrial components respond to such discoveries as diligently as Beckhoff has done. Those responsible in the company responded immediately to our notification, checked the vulnerability internally, arranged for an entry in the CVE database and informed their customers. This transparent and forthright handling of new vulnerabilities sadly cannot be taken for granted, but is vital for affected industrial companies to adapt their own cybersecurity strategy adequately and quickly.«

The bus coupler from Beckhoff is widely used in industrial networks. Classical IT security systems and perimeter security devices such as firewalls and intrusion detection systems lack a dedicated view of these devices within the automation technology. In the worst case, the exploitation of the weak point can therefore remain undetected for a long time.

Rhebo draws on many years of expertise in ICS monitoring, industrial protocols and anomaly detection. As a software and service company, it supports industrial companies and critical infrastructures with solutions dedicated to ICS and IoT to ensure cybersecurity and plant availability.

About Rhebo

Rhebo is the only vendor-independent provider of industrial monitoring solutions ensuring both cybersecurity and stability of ICS and IoT infrastructures. The German company’s solutions monitor all communication within the ICS and on distributed critical IoT devices. Any attacks, vulnerabilities as well as technical error states are reported in real-time. Thus, Rhebo vendor-neutrally supports  industrial, energy and water companies to increase cybersecurity, productivity and availability of their systems and plants to safeguard their digital transformation. 

In this role, the company is partner of the Alliance for Cyber Security of the Federal Office for Information Security (BSI), is actively developing standards and technical guidance in the Teletrust - Bundesverband IT-Sicherheit e.V. and the Bitkom Security Management Working Group.

Contact Rhebo

Jens Pacholsky
Public Relations Rhebo GmbH
Tel. +49-341-393-790-180