Search criteria
18 vulnerabilities found for kepware_kepserverex by ptc
CVE-2023-29447 (GCVE-0-2023-29447)
Vulnerability from nvd – Published: 2024-01-10 20:24 – Updated: 2025-06-17 20:59
VLAI?
Title
Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
Summary
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
Severity ?
5.7 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T02:38:36.071314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:11.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
}
],
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:45:53.226Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficiently Protected Credentials in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29447",
"datePublished": "2024-01-10T20:24:52.983Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-06-17T20:59:11.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29446 (GCVE-0-2023-29446)
Vulnerability from nvd – Published: 2024-01-10 20:21 – Updated: 2024-11-14 17:23
VLAI?
Title
Improper Input Validation in PTC's Kepware KEPServerEX
Summary
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
Severity ?
4.7 (Medium)
CWE
- CWE-40 - Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:23:25.379414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T17:23:37.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u0026nbsp;"
}
],
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline."
}
],
"impacts": [
{
"capecId": "CAPEC-644",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-644 Use of Captured Hashes (Pass The Hash)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-40",
"description": "CWE-40: Path Traversal: \u0027\\\\UNC\\share\\name\\\u0027 (Windows UNC Share)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:13:16.725Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29446",
"datePublished": "2024-01-10T20:21:51.434Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2024-11-14T17:23:37.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29445 (GCVE-0-2023-29445)
Vulnerability from nvd – Published: 2024-01-10 20:17 – Updated: 2025-06-17 20:59
VLAI?
Title
Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
Summary
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T20:16:37.750500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:11.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
}
],
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T20:17:12.837Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Search Path Element in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29445",
"datePublished": "2024-01-10T20:17:12.837Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-06-17T20:59:11.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29444 (GCVE-0-2023-29444)
Vulnerability from nvd – Published: 2024-01-10 17:06 – Updated: 2025-05-14 20:14
VLAI?
Title
Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
Summary
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
Severity ?
6.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:14:08.179087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:14:19.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
}
],
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T17:06:35.965Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Search Path Element in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29444",
"datePublished": "2024-01-10T17:06:35.965Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-05-14T20:14:19.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2848 (GCVE-0-2022-2848)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:45:30.371828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:42:21.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2848",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:42:21.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2825 (GCVE-0-2022-2825)
Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:16
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:48:06.564232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:16:11.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2825",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:16:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27267 (GCVE-0-2020-27267)
Vulnerability from nvd – Published: 2021-01-13 23:25 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:25:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27267",
"datePublished": "2021-01-13T23:25:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27265 (GCVE-0-2020-27265)
Vulnerability from nvd – Published: 2021-01-13 23:33 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server |
Affected:
v6.0 to v6.9
Affected: v6.8 and v6.9 Affected: All versions Affected: v7.68.804, v7.66 Affected: All 6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
},
{
"status": "affected",
"version": "v6.8 and v6.9"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "v7.68.804, v7.66"
},
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:33:45",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
},
{
"version_value": "v6.8 and v6.9"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "v7.68.804, v7.66"
},
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27265",
"datePublished": "2021-01-13T23:33:45",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27263 (GCVE-0-2020-27263)
Vulnerability from nvd – Published: 2021-01-13 23:30 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:30:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27263",
"datePublished": "2021-01-13T23:30:08",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29447 (GCVE-0-2023-29447)
Vulnerability from cvelistv5 – Published: 2024-01-10 20:24 – Updated: 2025-06-17 20:59
VLAI?
Title
Insufficiently Protected Credentials in PTC's Kepware KEPServerEX
Summary
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
Severity ?
5.7 (Medium)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T02:38:36.071314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:11.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
}
],
"value": "An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:45:53.226Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficiently Protected Credentials in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29447",
"datePublished": "2024-01-10T20:24:52.983Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-06-17T20:59:11.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29446 (GCVE-0-2023-29446)
Vulnerability from cvelistv5 – Published: 2024-01-10 20:21 – Updated: 2024-11-14 17:23
VLAI?
Title
Improper Input Validation in PTC's Kepware KEPServerEX
Summary
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
Severity ?
4.7 (Medium)
CWE
- CWE-40 - Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:23:25.379414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T17:23:37.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.\u0026nbsp;"
}
],
"value": "An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline."
}
],
"impacts": [
{
"capecId": "CAPEC-644",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-644 Use of Captured Hashes (Pass The Hash)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-40",
"description": "CWE-40: Path Traversal: \u0027\\\\UNC\\share\\name\\\u0027 (Windows UNC Share)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:13:16.725Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29446",
"datePublished": "2024-01-10T20:21:51.434Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2024-11-14T17:23:37.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29445 (GCVE-0-2023-29445)
Vulnerability from cvelistv5 – Published: 2024-01-10 20:17 – Updated: 2025-06-17 20:59
VLAI?
Title
Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
Summary
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
Severity ?
7.8 (High)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T20:16:37.750500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T20:59:11.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
}
],
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T20:17:12.837Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
},
{
"url": "https://www.dragos.com/advisory/ptcs-kepserverex-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Search Path Element in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29445",
"datePublished": "2024-01-10T20:17:12.837Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-06-17T20:59:11.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29444 (GCVE-0-2023-29444)
Vulnerability from cvelistv5 – Published: 2024-01-10 17:06 – Updated: 2025-05-14 20:14
VLAI?
Title
Uncontrolled Search Path Element in PTC's Kepware KEPServerEX
Summary
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.
Severity ?
6.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PTC | Kepware KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(0)
|
||||||||||||
|
||||||||||||||
Credits
Sam Hanson of Dragos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29444",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T20:14:08.179087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T20:14:19.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Kepware KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "0"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "8.5",
"status": "affected",
"version": "8.0",
"versionType": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sam Hanson of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
}
],
"value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T17:06:35.965Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ptc.com/en/support/article/cs399528"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uncontrolled Search Path Element in PTC\u0027s Kepware KEPServerEX",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2023-29444",
"datePublished": "2024-01-10T17:06:35.965Z",
"dateReserved": "2023-04-06T17:45:40.441Z",
"dateUpdated": "2025-05-14T20:14:19.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2848 (GCVE-0-2022-2848)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:42
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
Severity ?
9.1 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:45:30.371828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:42:21.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2848",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:42:21.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2825 (GCVE-0-2022-2825)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:16
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
Severity ?
9.8 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Affected:
6.11.718.0
|
Credits
Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:48:06.564232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:16:11.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2825",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:16:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27265 (GCVE-0-2020-27265)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:33 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server |
Affected:
v6.0 to v6.9
Affected: v6.8 and v6.9 Affected: All versions Affected: v7.68.804, v7.66 Affected: All 6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
},
{
"status": "affected",
"version": "v6.8 and v6.9"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "v7.68.804, v7.66"
},
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:33:45",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
},
{
"version_value": "v6.8 and v6.9"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "v7.68.804, v7.66"
},
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27265",
"datePublished": "2021-01-13T23:33:45",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27263 (GCVE-0-2020-27263)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:30 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:30:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27263",
"datePublished": "2021-01-13T23:30:08",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27267 (GCVE-0-2020-27267)
Vulnerability from cvelistv5 – Published: 2021-01-13 23:25 – Updated: 2024-08-04 16:11
VLAI?
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Severity ?
No CVSS data available.
CWE
- CWE-416 - USE AFTER FREE CWE-416
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX |
Affected:
v6.0 to v6.9
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:25:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27267",
"datePublished": "2021-01-13T23:25:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}