CVE-2020-27263

Summary

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Affected Software

VendorProductVersion RangeStatus
n/aPTC Kepware KEPServerEXv6.0 to v6.9affected
n/aThingWorx Kepware Serverv6.8 and v6.9affected
n/aThingWorx Industrial ConnectivityAll versionsaffected
n/aOPC-AggregatorAll versionsaffected
n/aRockwell Automation KEPServer EnterpriseAll versionsaffected
n/aGE Digital Industrial Gateway Serverv7.68.804affected
n/aGE Digital Industrial Gateway Serverv7.66affected
n/aSoftware Toolbox TOP ServerAll 6.x versionsaffected

Weaknesses

  • CWE-122: HEAP-BASED BUFFER OVERFLOW CWE-122

ADP Enrichment

CVE Program Container

Additional References

References