CyberSec.Space Logo
Back to CVE Browser

CVE-2020-27267

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile1.32th
PublishedJan 14, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Affected Platforms (CPE)

πŸ“¦
Ge

Industrial Gateway Server

= 7.66
πŸ“¦
Ge

Industrial Gateway Server

= 7.68.804
πŸ“¦
Ptc

Kepware Kepserverex

= 6.0
πŸ“¦
Ptc

Kepware Kepserverex

= 6.9
πŸ“¦
Ptc

Opc Aggregator

All versions
πŸ“¦
Ptc

Thingworx Industrial Connectivity

All versions
πŸ“¦
Ptc

Thingworx Kepware Server

= 6.8
πŸ“¦
Ptc

Thingworx Kepware Server

= 6.9
πŸ“¦
Rockwellautomation

Kepserver Enterprise

= 6.6.504.0
πŸ“¦
Rockwellautomation

Kepserver Enterprise

= 6.9.572.0
πŸ“¦
Softwaretoolbox

Top Server

>= 6.0 and <= 6.9

References & Advisories

πŸ”— https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
πŸ”— https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

Related Vulnerabilities

CVE-2020-36929.8

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for ...

CVE-2020-272659.8

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregato...

CVE-2020-272639.1

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregato...

CVE-2021-14605.3

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisc...