CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-27267

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0640%
EPSS Percentile1.32th
Published2021年1月14日
Last Modified2024年11月21日

Vulnerability Description

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Affected Platforms (CPE)

📦
Ge

Industrial Gateway Server

= 7.66
📦
Ge

Industrial Gateway Server

= 7.68.804
📦
Ptc

Kepware Kepserverex

= 6.0
📦
Ptc

Kepware Kepserverex

= 6.9
📦
Ptc

Opc Aggregator

All versions
📦
Ptc

Thingworx Industrial Connectivity

All versions
📦
Ptc

Thingworx Kepware Server

= 6.8
📦
Ptc

Thingworx Kepware Server

= 6.9
📦
Rockwellautomation

Kepserver Enterprise

= 6.6.504.0
📦
Rockwellautomation

Kepserver Enterprise

= 6.9.572.0
📦
Softwaretoolbox

Top Server

>= 6.0 and <= 6.9

References & Advisories

🔗 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02
🔗 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

相關漏洞威脅

CVE-2020-36929.8

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for ...

CVE-2020-272659.8

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregato...

CVE-2020-272639.1

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregato...

CVE-2021-14605.3

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisc...