Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
9 vulnerabilities found for KEPServerEX by PTC
VAR-202101-0382
Vulnerability from variot - Updated: 2023-12-18 13:07KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform. A security vulnerability exists in PTC Kepware KEPServerEX that could allow a remote attacker to cause the application to crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"cve": "CVE-2020-27267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370757",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-27267",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1299",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform. A security vulnerability exists in PTC Kepware KEPServerEX that could allow a remote attacker to cause the application to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370757"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27267",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-370757",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"id": "VAR-202101-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:07:19.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdownload%2figs-industrial-gateway-server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/filefield?returl=%2fcommunities%2fapex%2fknowledgedetail%3fid%3dka20h0000000dpqcaa%26lang%3den_us%26type%3darticle__kav\u0026entityid=ka20h00000013uhaaq\u0026field=file_1__body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026starturl=%2fs%2f"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2fappserver%2fcs%2fportal%2f\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryrecordid/rn_product_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "Kepware KEPServerEX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137769"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 0.8
},
{
"problemtype": "CWE-122",
"trust": 0.8
},
{
"problemtype": "CWE-416",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27267"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-370757"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370757"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-14T00:15:13.510000",
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370757"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-21T16:16:31.057000",
"db": "NVD",
"id": "CVE-2020-27267"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1299"
}
],
"trust": 0.6
}
}
VAR-202101-0380
Vulnerability from variot - Updated: 2023-12-18 13:07KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"cve": "CVE-2020-27265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370753",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-27265",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1305",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370753",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370753"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-27265",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-370753",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"id": "VAR-202101-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:07:19.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdownload%2figs-industrial-gateway-server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/filefield?returl=%2fcommunities%2fapex%2fknowledgedetail%3fid%3dka20h0000000dpqcaa%26lang%3den_us%26type%3darticle__kav\u0026entityid=ka20h00000013uhaaq\u0026field=file_1__body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026starturl=%2fs%2f"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2fappserver%2fcs%2fportal%2f\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryrecordid/rn_product_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "Multiple Kepware Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 0.8
},
{
"problemtype": "CWE-122",
"trust": 0.8
},
{
"problemtype": "CWE-416",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27265"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-370753"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370753"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-14T00:15:13.417000",
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370753"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-21T16:20:52.077000",
"db": "NVD",
"id": "CVE-2020-27265"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1305"
}
],
"trust": 0.6
}
}
VAR-202101-0378
Vulnerability from variot - Updated: 2023-12-18 13:07KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.9"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.8"
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.9.572.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.68.804"
},
{
"model": "kepware kepserverex",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": "6.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "kepserver enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "6.6.504.0"
},
{
"model": "top server",
"scope": "gte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.0"
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "7.66"
},
{
"model": "top server",
"scope": "lte",
"trust": 1.0,
"vendor": "softwaretoolbox",
"version": "6.9"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 1.0,
"vendor": "ptc",
"version": null
},
{
"model": "industrial gateway server",
"scope": "eq",
"trust": 0.8,
"vendor": "ge digital",
"version": "version 7.68.804 \u304a\u3088\u3073 version 7.66"
},
{
"model": "kepserverex",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.0 \u304b\u3089 version 6.9"
},
{
"model": "kepware linkmaster",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 3.0.94.0"
},
{
"model": "opc-aggregator",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx industrial connectivity",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "\u3059\u3079\u3066"
},
{
"model": "thingworx kepware server",
"scope": "eq",
"trust": 0.8,
"vendor": "ptc",
"version": "version 6.8 \u304a\u3088\u3073 version 6.9"
},
{
"model": "kepserver enterprise",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "top server",
"scope": "eq",
"trust": 0.8,
"vendor": "toolbox",
"version": "6\u7cfb\u306e\u3059\u3079\u3066"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"cve": "CVE-2020-27263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-370749",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 9.3,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010092",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 2.4,
"value": "Critical"
},
{
"author": "NVD",
"id": "CVE-2020-27263",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2020-010092",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-1301",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-370749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. \u2025 * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 \u2025 * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 \u2025 * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 \u2025 * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "VULHUB",
"id": "VHN-370749"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-352-02",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-27263",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98489812",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-20-352-03",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4481",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-370749",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"id": "VAR-202101-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:07:19.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdownload%2figs-industrial-gateway-server-v7-xx"
},
{
"title": "GE Digital Product Security Advisory",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/servlet/filefield?returl=%2fcommunities%2fapex%2fknowledgedetail%3fid%3dka20h0000000dpqcaa%26lang%3den_us%26type%3darticle__kav\u0026entityid=ka20h00000013uhaaq\u0026field=file_1__body__s"
},
{
"title": "My Kepware Customer Self-Service Portal",
"trust": 0.8,
"url": "https://my.kepware.com/s/login/?ec=302\u0026starturl=%2fs%2f"
},
{
"title": "PTC eSupport",
"trust": 0.8,
"url": "https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2fappserver%2fcs%2fportal%2f\u0026msg=1"
},
{
"title": "Kepserver Enterprise",
"trust": 0.8,
"url": "https://rockwellautomation.custhelp.com/app/products/detail/categoryrecordid/rn_product_611/p/611/~/kepserver-enterprise"
},
{
"title": "CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerability",
"trust": 0.8,
"url": "https://support.softwaretoolbox.com/app/answers/detail/a_id/3924"
},
{
"title": "PTC Kepware KEPServerEX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=137540"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-121",
"trust": 0.8
},
{
"problemtype": "CWE-122",
"trust": 0.8
},
{
"problemtype": "CWE-416",
"trust": 0.8
},
{
"problemtype": "CWE-276",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98489812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4481/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27263"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-370749"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-370749"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-14T00:15:13.353000",
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"date": "2020-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-370749"
},
{
"date": "2020-12-21T09:01:13",
"db": "JVNDB",
"id": "JVNDB-2020-010092"
},
{
"date": "2021-01-21T16:10:30.217000",
"db": "NVD",
"id": "CVE-2020-27263"
},
{
"date": "2021-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural PTC Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-1301"
}
],
"trust": 0.6
}
}
CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from nvd – Published: 2023-11-30 22:05 – Updated: 2026-02-25 17:20
VLAI
Title
Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Kepware Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Industrial Connectivity |
Affected:
All versions
|
|
| PTC | OPC-Aggregator |
Affected:
0 , ≤ 6.14
(custom)
|
|
| PTC | ThingWorx Kepware Edge |
Affected:
0 , ≤ 1.7
(custom)
|
|
| Rockwell Automation | KEPServer Enterprise |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| GE Gigital | Industrial Gateway Server |
Affected:
0 , ≤ 7.614
(custom)
|
|
| Software Toolbox | TOP Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:06:00.963177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:20:07.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2026-02-25T17:20:07.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5908 (GCVE-0-2023-5908)
Vulnerability from nvd – Published: 2023-11-30 22:03 – Updated: 2024-08-02 08:14
VLAI
Title
Heap Based Buffer Overflow in PTC KEPServerEx
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
Severity
9.1 (Critical)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Kepware Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Industrial Connectivity |
Affected:
All versions
|
|
| PTC | OPC-Aggregator |
Affected:
0 , ≤ 6.14
(custom)
|
|
| PTC | ThingWorx Kepware Edge |
Affected:
0 , ≤ 1.7
(custom)
|
|
| Rockwell Automation | KEPServer Enterprise |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| GE Gigital | Industrial Gateway Server |
Affected:
0 , ≤ 7.614
(custom)
|
|
| Software Toolbox | TOP Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:03:58.098Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Based Buffer Overflow in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5908",
"datePublished": "2023-11-30T22:03:58.098Z",
"dateReserved": "2023-11-01T16:18:42.353Z",
"dateUpdated": "2024-08-02T08:14:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3825 (GCVE-0-2023-3825)
Vulnerability from nvd – Published: 2023-07-31 22:53 – Updated: 2024-10-21 18:15
VLAI
Summary
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
6.0 , ≤ 6.14.263
(custom)
|
Date Public
2023-07-27 16:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:15:33.689180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:15:51.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"datePublic": "2023-07-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.\u003c/span\u003e\n\n"
}
],
"value": "\nPTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T22:53:56.568Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3825",
"datePublished": "2023-07-31T22:53:56.568Z",
"dateReserved": "2023-07-21T20:08:42.706Z",
"dateUpdated": "2024-10-21T18:15:51.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from cvelistv5 – Published: 2023-11-30 22:05 – Updated: 2026-02-25 17:20
VLAI
Title
Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Kepware Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Industrial Connectivity |
Affected:
All versions
|
|
| PTC | OPC-Aggregator |
Affected:
0 , ≤ 6.14
(custom)
|
|
| PTC | ThingWorx Kepware Edge |
Affected:
0 , ≤ 1.7
(custom)
|
|
| Rockwell Automation | KEPServer Enterprise |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| GE Gigital | Industrial Gateway Server |
Affected:
0 , ≤ 7.614
(custom)
|
|
| Software Toolbox | TOP Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:06:00.963177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T17:20:07.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2026-02-25T17:20:07.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5908 (GCVE-0-2023-5908)
Vulnerability from cvelistv5 – Published: 2023-11-30 22:03 – Updated: 2024-08-02 08:14
VLAI
Title
Heap Based Buffer Overflow in PTC KEPServerEx
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
Severity
9.1 (Critical)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Kepware Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| PTC | ThingWorx Industrial Connectivity |
Affected:
All versions
|
|
| PTC | OPC-Aggregator |
Affected:
0 , ≤ 6.14
(custom)
|
|
| PTC | ThingWorx Kepware Edge |
Affected:
0 , ≤ 1.7
(custom)
|
|
| Rockwell Automation | KEPServer Enterprise |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
|
| GE Gigital | Industrial Gateway Server |
Affected:
0 , ≤ 7.614
(custom)
|
|
| Software Toolbox | TOP Server |
Affected:
0 , ≤ 6.14.263.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:03:58.098Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Based Buffer Overflow in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5908",
"datePublished": "2023-11-30T22:03:58.098Z",
"dateReserved": "2023-11-01T16:18:42.353Z",
"dateUpdated": "2024-08-02T08:14:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3825 (GCVE-0-2023-3825)
Vulnerability from cvelistv5 – Published: 2023-07-31 22:53 – Updated: 2024-10-21 18:15
VLAI
Summary
PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PTC | KEPServerEX |
Affected:
6.0 , ≤ 6.14.263
(custom)
|
Date Public
2023-07-27 16:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:15:33.689180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:15:51.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Claroty Team82"
}
],
"datePublic": "2023-07-27T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.\u003c/span\u003e\n\n"
}
],
"value": "\nPTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-31T22:53:56.568Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3825",
"datePublished": "2023-07-31T22:53:56.568Z",
"dateReserved": "2023-07-21T20:08:42.706Z",
"dateUpdated": "2024-10-21T18:15:51.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}