Search criteria
17 vulnerabilities found for OPC-Aggregator by PTC
VAR-202101-0380
Vulnerability from variot - Updated: 2025-01-30 21:57KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_digital:industrial_gateway_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepserverex",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepware_linkmaster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:opc-aggregator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingWorx_industrial_connectivity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingworx_kepware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rockwellautomation:kepserver_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:software_toolbox:top_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
]
},
"cve": "CVE-2020-27265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-27265",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370753",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27265",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27265",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1305",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370753",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370753"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27265",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-370753",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"id": "VAR-202101-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370753"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:57:10.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA20h0000000dpqCAA%26lang%3Den_US%26Type%3DArticle__kav\u0026entityId=ka20h00000013uHAAQ\u0026field=File_1__Body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026startURL=%2Fs%2F"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2Fappserver%2Fcs%2Fportal%2F\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryRecordID/RN_PRODUCT_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "Multiple Kepware Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 0.8
},
{
"problemtype": "CWE-416",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27265"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370753"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"date": "2021-01-14T00:15:13.417000",
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370753"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1305"
},
{
"date": "2024-11-21T05:20:58.083000",
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
],
"trust": 0.6
}
}
VAR-202101-0382
Vulnerability from variot - Updated: 2025-01-30 21:16KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform. A security vulnerability exists in PTC Kepware KEPServerEX that could allow a remote attacker to cause the application to crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_digital:industrial_gateway_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepserverex",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepware_linkmaster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:opc-aggregator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingWorx_industrial_connectivity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingworx_kepware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rockwellautomation:kepserver_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:software_toolbox:top_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
]
},
"cve": "CVE-2020-27267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-27267",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370757",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27267",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27267",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1299",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform. A security vulnerability exists in PTC Kepware KEPServerEX that could allow a remote attacker to cause the application to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370757"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27267",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-370757",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"id": "VAR-202101-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370757"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:16:15.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA20h0000000dpqCAA%26lang%3Den_US%26Type%3DArticle__kav\u0026entityId=ka20h00000013uHAAQ\u0026field=File_1__Body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026startURL=%2Fs%2F"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2Fappserver%2Fcs%2Fportal%2F\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryRecordID/RN_PRODUCT_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "Kepware KEPServerEX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137769"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 0.8
},
{
"problemtype": "CWE-122",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27267"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370757"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"date": "2021-01-14T00:15:13.510000",
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370757"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1299"
},
{
"date": "2024-11-21T05:20:58.280000",
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
],
"trust": 0.6
}
}
VAR-202101-0378
Vulnerability from variot - Updated: 2025-01-30 21:06KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_digital:industrial_gateway_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepserverex",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:kepware_linkmaster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:opc-aggregator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingWorx_industrial_connectivity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ptc:thingworx_kepware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rockwellautomation:kepserver_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:software_toolbox:top_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
]
},
"cve": "CVE-2020-27263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-27263",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370749",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27263",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27263",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1301",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370749"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27263",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-370749",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"id": "VAR-202101-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370749"
}
],
"trust": 0.02
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "gateway",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:06:40.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA20h0000000dpqCAA%26lang%3Den_US%26Type%3DArticle__kav\u0026entityId=ka20h00000013uHAAQ\u0026field=File_1__Body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026startURL=%2Fs%2F"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2Fappserver%2Fcs%2Fportal%2F\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryRecordID/RN_PRODUCT_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "PTC Kepware KEPServerEX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137540"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.8
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 0.8
},
{
"problemtype": "CWE-416",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27263"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370749"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"date": "2021-01-14T00:15:13.353000",
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370749"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1301"
},
{
"date": "2024-11-21T05:20:57.887000",
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
],
"trust": 0.6
}
}
CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from nvd – Published: 2023-11-30 22:05 – Updated: 2024-08-02 08:14
VLAI?
Title
Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Severity ?
7.5 (High)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Shawn Hoffman
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2024-08-02T08:14:24.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5908 (GCVE-0-2023-5908)
Vulnerability from nvd – Published: 2023-11-30 22:03 – Updated: 2024-08-02 08:14
VLAI?
Title
Heap Based Buffer Overflow in PTC KEPServerEx
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Shawn Hoffman
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:03:58.098Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Based Buffer Overflow in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5908",
"datePublished": "2023-11-30T22:03:58.098Z",
"dateReserved": "2023-11-01T16:18:42.353Z",
"dateUpdated": "2024-08-02T08:14:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2848 (GCVE-0-2022-2848)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:45:30.371828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:42:21.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2848",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:42:21.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2825 (GCVE-0-2022-2825)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:16
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:48:06.564232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:16:11.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2825",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:16:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27267 (GCVE-0-2020-27267)
Vulnerability from nvd – Published: 2021-01-13 23:25 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:25:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27267",
"datePublished": "2021-01-13T23:25:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27265 (GCVE-0-2020-27265)
Vulnerability from nvd – Published: 2021-01-13 23:33 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server |
Affected:
v6.0 to v6.9
Affected: v6.8 and v6.9 Affected: All versions Affected: v7.68.804, v7.66 Affected: All 6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
},
{
"status": "affected",
"version": "v6.8 and v6.9"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "v7.68.804, v7.66"
},
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:33:45",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
},
{
"version_value": "v6.8 and v6.9"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "v7.68.804, v7.66"
},
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27265",
"datePublished": "2021-01-13T23:33:45",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27263 (GCVE-0-2020-27263)
Vulnerability from nvd – Published: 2021-01-13 23:30 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:30:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27263",
"datePublished": "2021-01-13T23:30:08",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from cvelistv5 – Published: 2023-11-30 22:05 – Updated: 2024-08-02 08:14
VLAI?
Title
Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Severity ?
7.5 (High)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Shawn Hoffman
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2024-08-02T08:14:24.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5908 (GCVE-0-2023-5908)
Vulnerability from cvelistv5 – Published: 2023-11-30 22:03 – Updated: 2024-08-02 08:14
VLAI?
Title
Heap Based Buffer Overflow in PTC KEPServerEx
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Shawn Hoffman
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:03:58.098Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Based Buffer Overflow in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5908",
"datePublished": "2023-11-30T22:03:58.098Z",
"dateReserved": "2023-11-01T16:18:42.353Z",
"dateUpdated": "2024-08-02T08:14:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2848 (GCVE-0-2022-2848)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:45:30.371828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:42:21.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2848",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:42:21.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2825 (GCVE-0-2022-2825)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:16
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:48:06.564232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:16:11.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2825",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:16:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27265 (GCVE-0-2020-27265)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:33 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server |
Affected:
v6.0 to v6.9
Affected: v6.8 and v6.9 Affected: All versions Affected: v7.68.804, v7.66 Affected: All 6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
},
{
"status": "affected",
"version": "v6.8 and v6.9"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "v7.68.804, v7.66"
},
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:33:45",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
},
{
"version_value": "v6.8 and v6.9"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "v7.68.804, v7.66"
},
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27265",
"datePublished": "2021-01-13T23:33:45",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27263 (GCVE-0-2020-27263)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:30 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:30:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27263",
"datePublished": "2021-01-13T23:30:08",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27267 (GCVE-0-2020-27267)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:25 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:25:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27267",
"datePublished": "2021-01-13T23:25:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}