KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HGe Industrial Gateway Server
APPGe7.667.68.804Ptc Kepware Kepserverex
APPPtc6.06.9Ptc Opc Aggregator
APPPtcwszystkie wersjePtc Thingworx Industrial Connectivity
APPPtcwszystkie wersjePtc Thingworx Kepware Server
APPPtc6.86.9Rockwellautomation Kepserver Enterprise
APPRockwellautomation6.6.504.06.9.572.0Softwaretoolbox Top Server
APPSoftwaretoolbox6.0 – 6.9
Related vulnerabilities
Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...
The affected products are vulnerable to an improper validation of array index, which could allow an attacker ...
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to ...