CVE-2020-27267

Summary

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Affected Software

VendorProductVersion RangeStatus
n/aPTC Kepware KEPServerEXv6.0 to v6.9affected
n/aThingWorx Kepware Serverv6.8 and v6.9affected
n/aThingWorx Industrial ConnectivityAll versionsaffected
n/aOPC-AggregatorAll versionsaffected
n/aRockwell Automation KEPServer EnterpriseAll versionsaffected
n/aGE Digital Industrial Gateway Serverv7.68.804affected
n/aGE Digital Industrial Gateway Serverv7.66affected
n/aSoftware Toolbox TOP ServerAll 6.x versionsaffected

Weaknesses

  • CWE-416: USE AFTER FREE CWE-416

ADP Enrichment

CVE Program Container

Additional References

References