CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-27265

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile23.16th
Published2021年1月14日
Last Modified2024年11月21日

Vulnerability Description

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

Affected Platforms (CPE)

📦
Ge

Industrial Gateway Server

= 7.66
📦
Ge

Industrial Gateway Server

= 7.68.804
📦
Ptc

Kepware Kepserverex

= 6.0
📦
Ptc

Kepware Kepserverex

= 6.9
📦
Ptc

Opc Aggregator

All versions
📦
Ptc

Thingworx Industrial Connectivity

All versions
📦
Ptc

Thingworx Kepware Server

= 6.8
📦
Ptc

Thingworx Kepware Server

= 6.9
📦
Rockwellautomation

Kepserver Enterprise

= 6.6.504.0
📦
Rockwellautomation

Kepserver Enterprise

= 6.9.572.0
📦
Softwaretoolbox

Top Server

>= 6.0 and <= 6.9

References & Advisories

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
🔗 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

関連する脆弱性情報

CVE-2020-36929.8

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for ...

CVE-2020-272639.1

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregato...

CVE-2020-272679.1

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator...

CVE-2021-14605.3

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisc...