CRITICAL🇵🇱 Wersja polska

CVE-2020-27265

CVSS 9.8v3.1pub. 2021-01-14upd. 2024-11-21

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ge Industrial Gateway Server

    APP
    Ge
    7.667.68.804
  • Ptc Kepware Kepserverex

    APP
    Ptc
    6.06.9
  • Ptc Opc Aggregator

    APP
    Ptc
    wszystkie wersje
  • Ptc Thingworx Industrial Connectivity

    APP
    Ptc
    wszystkie wersje
  • Ptc Thingworx Kepware Server

    APP
    Ptc
    6.86.9
  • Rockwellautomation Kepserver Enterprise

    APP
    Rockwellautomation
    6.6.504.06.9.572.0
  • Softwaretoolbox Top Server

    APP
    Softwaretoolbox
    6.0 – 6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2023-5908CRITICAL9.1PL ✓ten sam produkt

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2848CRITICAL9.1ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2825CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0755CRITICAL9.8ten sam produkt

The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...

CVE-2023-0754CRITICAL9.8ten sam produkt

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...