CVE-2020-27263
N/A
N/A
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PTC Kepware KEPServerEX | v6.0 to v6.9 | affected |
| n/a | ThingWorx Kepware Server | v6.8 and v6.9 | affected |
| n/a | ThingWorx Industrial Connectivity | All versions | affected |
| n/a | OPC-Aggregator | All versions | affected |
| n/a | Rockwell Automation KEPServer Enterprise | All versions | affected |
| n/a | GE Digital Industrial Gateway Server | v7.68.804 | affected |
| n/a | GE Digital Industrial Gateway Server | v7.66 | affected |
| n/a | Software Toolbox TOP Server | All 6.x versions | affected |
Weaknesses
- CWE-122: HEAP-BASED BUFFER OVERFLOW CWE-122
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.