CVE-2020-27267
N/A
N/A
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PTC Kepware KEPServerEX | v6.0 to v6.9 | affected |
| n/a | ThingWorx Kepware Server | v6.8 and v6.9 | affected |
| n/a | ThingWorx Industrial Connectivity | All versions | affected |
| n/a | OPC-Aggregator | All versions | affected |
| n/a | Rockwell Automation KEPServer Enterprise | All versions | affected |
| n/a | GE Digital Industrial Gateway Server | v7.68.804 | affected |
| n/a | GE Digital Industrial Gateway Server | v7.66 | affected |
| n/a | Software Toolbox TOP Server | All 6.x versions | affected |
Weaknesses
- CWE-416: USE AFTER FREE CWE-416
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.