CVE-2020-27263
Published 2021-01-14
Priority P357 · critical · 9.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 4.94% (91.1th percentile)
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | industrial_gateway_server | — | — |
| ge | industrial_gateway_server | — | — |
| ptc | kepware_kepserverex | — | — |
| ptc | kepware_kepserverex | — | — |
| ptc | thingworx_kepware_server | — | — |
| ptc | thingworx_kepware_server | — | — |
| ptc | thingworx_kepware_server | — | — |
| rockwellautomation | kepserver_enterprise | — | — |
| rockwellautomation | kepserver_enterprise | — | — |
| softwaretoolbox | top_server | 6.0 – 6.9 | — |
CVSS provenance
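| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |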
GHSA
GHSA-66v8-hp22-2q37: KEPServerEX: v6
ghsa_unreviewed·2022-05-24
CVE-2020-27263 [CRITICAL] CWE-787 GHSA-66v8-hp22-2q37: KEPServerEX: v6
CISA ICS
PTC Kepware KEPServerEX (Update A)
cisa_ics·2020-12-17·CVSS 9.8
[CRITICAL] PTC Kepware KEPServerEX (Update A)
ICS Advisory
## PTC Kepware KEPServerEX (Update A)
Last Revised: January 05, 2021
Alert Code: ICSA-20-352-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: PTC
- Equipment: Kepware KEPServerEX
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-352-02 PTC Kepware KEPServerEX that was published December 17, 2020, on the ICS webpage on us-cert.cisa.gov.
## 3. RISK EVALUATION
Successful exploit