Vulnerabilites related to softwaretoolbox - top_server
CVE-2022-2848 (GCVE-0-2022-2848)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Version: 6.11.718.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:45:30.371828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:42:21.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2848",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-16T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:42:21.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2804 (GCVE-0-2013-2804)
Vulnerability from cvelistv5
Published
2013-08-28 01:00
Modified
2024-09-16 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:52:21.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-28T01:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014",
"refsource": "CONFIRM",
"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-2804",
"datePublished": "2013-08-28T01:00:00Z",
"dateReserved": "2013-04-11T00:00:00Z",
"dateUpdated": "2024-09-16T19:39:55.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2825 (GCVE-0-2022-2825)
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 16:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kepware | KEPServerEX |
Version: 6.11.718.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:48:06.564232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:16:11.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "KEPServerEX",
"vendor": "Kepware",
"versions": [
{
"status": "affected",
"version": "6.11.718.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-2825",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-08-15T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:16:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27263 (GCVE-0-2020-27263)
Vulnerability from cvelistv5
Published
2021-01-13 23:30
Modified
2024-08-04 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - HEAP-BASED BUFFER OVERFLOW
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | PTC Kepware KEPServerEX |
Version: v6.0 to v6.9 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:30:08",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27263",
"datePublished": "2021-01-13T23:30:08",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5908 (GCVE-0-2023-5908)
Vulnerability from cvelistv5
Published
2023-11-30 22:03
Modified
2024-08-02 08:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-Based Buffer Overflow
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | PTC | KEPServerEX |
Version: 0 < |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:03:58.098Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Based Buffer Overflow in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5908",
"datePublished": "2023-11-30T22:03:58.098Z",
"dateReserved": "2023-11-01T16:18:42.353Z",
"dateUpdated": "2024-08-02T08:14:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5909 (GCVE-0-2023-5909)
Vulnerability from cvelistv5
Published
2023-11-30 22:05
Modified
2024-08-02 08:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-297 - Improper Validation of Certificate with Host Mismatch
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | PTC | KEPServerEX |
Version: 0 < |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KEPServerEX",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Server",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Industrial Connectivity",
"vendor": "PTC",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OPC-Aggregator",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "6.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ThingWorx Kepware Edge",
"vendor": "PTC",
"versions": [
{
"lessThanOrEqual": "1.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "KEPServer Enterprise",
"vendor": "Rockwell Automation ",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Industrial Gateway Server",
"vendor": "GE Gigital",
"versions": [
{
"lessThanOrEqual": "7.614",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TOP Server",
"vendor": "Software Toolbox",
"versions": [
{
"lessThanOrEqual": "6.14.263.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shawn Hoffman"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-297",
"description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:05:59.595Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003ePTC has released and recommends users to update to the following versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eKEPServerEX should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Server should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\u003c/li\u003e\u003cli\u003eOPC-Aggregator should upgrade to v6.15 or later\u003c/li\u003e\u003cli\u003eThingWorx Kepware Edge: Upgrade to v1.8 or later\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRefer to secure configuration guide \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide\"\u003ehere\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf additional questions remain, please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor more information, see PTC\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS405439\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nPTC has released and recommends users to update to the following versions:\n\n * KEPServerEX should upgrade to v6.15 or later\n * ThingWorx Kepware Server should upgrade to v6.15 or later\n * ThingWorx Industrial Connectivity should upgrade to ThingWorx Kepware Server v6.15 or later\n * OPC-Aggregator should upgrade to v6.15 or later\n * ThingWorx Kepware Edge: Upgrade to v1.8 or later\n\n\nRefer to secure configuration guide here https://www.ptc.com/en/support/refdoc/ThingWorx_Kepware_Server/6.15/ThingWorx%20Kepware%20Server%20Secure%20Deployment%20Guide \n\nIf additional questions remain, please contact PTC Technical Support https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log \n\nFor more information, see PTC\u0027s advisory https://www.ptc.com/en/support/article/CS405439 .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Validation of Certificate with Host Mismatch in PTC KEPServerEx",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5909",
"datePublished": "2023-11-30T22:05:59.595Z",
"dateReserved": "2023-11-01T16:18:45.060Z",
"dateUpdated": "2024-08-02T08:14:24.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27267 (GCVE-0-2020-27267)
Vulnerability from cvelistv5
Published
2021-01-13 23:25
Modified
2024-08-04 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - USE AFTER FREE
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | PTC Kepware KEPServerEX |
Version: v6.0 to v6.9 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "USE AFTER FREE CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:25:07",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27267",
"datePublished": "2021-01-13T23:25:07",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27265 (GCVE-0-2020-27265)
Vulnerability from cvelistv5
Published
2021-01-13 23:33
Modified
2024-08-04 16:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server |
Version: v6.0 to v6.9 Version: v6.8 and v6.9 Version: All versions Version: v7.68.804, v7.66 Version: All 6.x versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
},
{
"status": "affected",
"version": "v6.8 and v6.9"
},
{
"status": "affected",
"version": "All versions"
},
{
"status": "affected",
"version": "v7.68.804, v7.66"
},
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T23:33:45",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-27265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
},
{
"version_value": "v6.8 and v6.9"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "All versions"
},
{
"version_value": "v7.68.804, v7.66"
},
{
"version_value": "All 6.x versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27265",
"datePublished": "2021-01-13T23:33:45",
"dateReserved": "2020-10-19T00:00:00",
"dateUpdated": "2024-08-04T16:11:36.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-01-14 00:15
Modified
2024-11-21 05:20
Severity ?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | industrial_gateway_server | 7.66 | |
| ge | industrial_gateway_server | 7.68.804 | |
| ptc | kepware_kepserverex | 6.0 | |
| ptc | kepware_kepserverex | 6.9 | |
| ptc | opc-aggregator | - | |
| ptc | thingworx_industrial_connectivity | - | |
| ptc | thingworx_kepware_server | 6.8 | |
| ptc | thingworx_kepware_server | 6.9 | |
| rockwellautomation | kepserver_enterprise | 6.6.504.0 | |
| rockwellautomation | kepserver_enterprise | 6.9.572.0 | |
| softwaretoolbox | top_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE",
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."
},
{
"lang": "es",
"value": "KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x, son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria.\u0026#xa0;Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y ejecutar c\u00f3digo de remotamente"
}
],
"id": "CVE-2020-27265",
"lastModified": "2024-11-21T05:20:58.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-14T00:15:13.417",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-14 00:15
Modified
2024-11-21 05:20
Severity ?
Summary
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | industrial_gateway_server | 7.66 | |
| ge | industrial_gateway_server | 7.68.804 | |
| ptc | kepware_kepserverex | 6.0 | |
| ptc | kepware_kepserverex | 6.9 | |
| ptc | opc-aggregator | - | |
| ptc | thingworx_industrial_connectivity | - | |
| ptc | thingworx_kepware_server | 6.8 | |
| ptc | thingworx_kepware_server | 6.9 | |
| rockwellautomation | kepserver_enterprise | 6.6.504.0 | |
| rockwellautomation | kepserver_enterprise | 6.9.572.0 | |
| softwaretoolbox | top_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE",
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
},
{
"lang": "es",
"value": "KEPServerEX versiones v6.0 hasta v6.9, ThingWorx Kepware Server versiones v6.8 y v6.9, ThingWorx Industrial Connectivity (todas las versiones), OPC-Aggregator (todas las versiones), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server versiones v7.68.804 y v7.66, y Software Toolbox TOP Server, todas las versiones 6.x, son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria.\u0026#xa0;Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y potencialmente filtrar datos"
}
],
"id": "CVE-2020-27267",
"lastModified": "2024-11-21T05:20:58.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-14T00:15:13.510",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-30 22:15
Modified
2024-11-21 08:42
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | industrial_gateway_server | * | |
| ptc | keepserverex | * | |
| ptc | opc-aggregator | * | |
| ptc | thingworx_industrial_connectivity | - | |
| ptc | thingworx_kepware_edge | * | |
| ptc | thingworx_kepware_server | * | |
| rockwellautomation | kepserver_enterprise | * | |
| softwaretoolbox | top_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC36939-C47F-4426-A684-0252C014CB05",
"versionEndIncluding": "7.614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C003AF3-3140-4AD9-8407-D3C216D72AA0",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97",
"versionEndIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B99ED4-CEB0-463D-9900-426C6108A009",
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14930935-3DE4-403F-9F6A-9E4490C3B95D",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40663AD6-24DE-4D75-AA95-0D4E6A2ADF04",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nKEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.\n\n\n\n\n"
},
{
"lang": "es",
"value": "KEPServerEX es vulnerable a un desbordamiento del b\u00fafer que puede permitir que un atacante bloquee el producto al que se accede o filtre informaci\u00f3n."
}
],
"id": "CVE-2023-5908",
"lastModified": "2024-11-21T08:42:45.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T22:15:09.923",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-30 22:15
Modified
2024-11-21 08:42
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | industrial_gateway_server | * | |
| ptc | keepserverex | * | |
| ptc | opc-aggregator | * | |
| ptc | thingworx_industrial_connectivity | - | |
| ptc | thingworx_kepware_edge | * | |
| ptc | thingworx_kepware_server | * | |
| rockwellautomation | kepserver_enterprise | * | |
| softwaretoolbox | top_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC36939-C47F-4426-A684-0252C014CB05",
"versionEndIncluding": "7.614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:keepserverex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C003AF3-3140-4AD9-8407-D3C216D72AA0",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A4FE5D-D1DD-4854-B709-3E0A54D6BE97",
"versionEndIncluding": "6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B99ED4-CEB0-463D-9900-426C6108A009",
"versionEndIncluding": "1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14930935-3DE4-403F-9F6A-9E4490C3B95D",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40663AD6-24DE-4D75-AA95-0D4E6A2ADF04",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7C7A8B-38A0-4A48-B78A-F5FAA2A9E20F",
"versionEndIncluding": "6.14.263.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nKEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "KEPServerEX no valida adecuadamente los certificados de los clientes, lo que puede permitir que se conecten usuarios no autenticados."
}
],
"id": "CVE-2023-5909",
"lastModified": "2024-11-21T08:42:45.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-30T22:15:10.163",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-297"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2025-02-18 17:15
Severity ?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10 | Third Party Advisory, US Government Resource | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1454/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1454/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "864CE1B5-7A33-4BFF-955C-7ACC95670A78",
"versionEndExcluding": "7.612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1B40A2-8747-42B6-BBBB-A7E805143FC5",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "243853C3-04C4-4FA6-89E4-15A55D00B251",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F732A00C-F341-4048-9FFD-E866A7DE50A3",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4343161-DCB8-4DD3-8EA6-BC8B40FC6103",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1718A22-3F3F-4523-AC36-6408929903AD",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1AD52B-9FB3-4C97-9987-059B398A1794",
"versionEndExcluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486."
}
],
"id": "CVE-2022-2848",
"lastModified": "2025-02-18T17:15:13.367",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-29T19:15:11.680",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1454/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-14 00:15
Modified
2024-11-21 05:20
Severity ?
Summary
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | industrial_gateway_server | 7.66 | |
| ge | industrial_gateway_server | 7.68.804 | |
| ptc | kepware_kepserverex | 6.0 | |
| ptc | kepware_kepserverex | 6.9 | |
| ptc | opc-aggregator | - | |
| ptc | thingworx_industrial_connectivity | - | |
| ptc | thingworx_kepware_server | 6.8 | |
| ptc | thingworx_kepware_server | 6.9 | |
| rockwellautomation | kepserver_enterprise | 6.6.504.0 | |
| rockwellautomation | kepserver_enterprise | 6.9.572.0 | |
| softwaretoolbox | top_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*",
"matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE",
"versionEndIncluding": "6.9",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
},
{
"lang": "es",
"value": "KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria.\u0026#xa0;Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y potencialmente filtrar datos"
}
],
"id": "CVE-2020-27263",
"lastModified": "2024-11-21T05:20:57.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-14T00:15:13.353",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-28 13:09
Modified
2025-04-11 00:51
Severity ?
Summary
The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02 | US Government Resource | |
| ics-cert@hq.dhs.gov | http://support.softwaretoolbox.com/app/answers/detail/a_id/3014 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.softwaretoolbox.com/app/answers/detail/a_id/3014 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softwaretoolbox | top_server | * | |
| softwaretoolbox | top_server | 4.0 | |
| softwaretoolbox | top_server | 5.1 | |
| softwaretoolbox | top_server | 5.2 | |
| softwaretoolbox | top_server | 5.3 | |
| softwaretoolbox | top_server | 5.4 | |
| softwaretoolbox | top_server | 5.5 | |
| softwaretoolbox | top_server | 5.6 | |
| softwaretoolbox | top_server | 5.7 | |
| softwaretoolbox | top_server | 5.8 | |
| softwaretoolbox | top_server | 5.9 | |
| softwaretoolbox | top_server | 5.10 | |
| softwaretoolbox | top_server | 5.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF2BD70-67A5-4F61-94C5-0863121BD4AE",
"versionEndIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0DF1E6-F0BE-4285-8CCC-00F6223257BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D27D453-CFD9-4EFB-AEC7-AFAEC9C3696C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE242188-C190-4CD0-9DF9-7E670B29F28D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADA4AA4-7D03-4352-8E1D-92AA55CE2F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C1DDBDA3-BC3D-4C04-B5F7-381AA5102431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D751D-0D5E-4189-89B0-B3AF5545FEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E12CE9C-3117-41D9-8C4A-3338966A0682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5730D480-BD66-40F1-8DB1-AAC4136A815C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EB70DE6A-334B-4AD8-BD28-6D4107DEA437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "23E076D2-A342-4EB9-9A4D-E0CC7D48B7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA6C424-0FD2-49EA-9B1D-43A2930734B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FBE9B6-C93C-43E4-B3F0-78C0A59288FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 allows remote attackers to cause a denial of service (master-station infinite loop) via crafted DNP3 packets to TCP port 20000 and allows physically proximate attackers to cause a denial of service (master-station infinite loop) via crafted input over a serial line."
},
{
"lang": "es",
"value": "El controlador DNP Master en Software Toolbox TOP Server anterior a v5.12.140.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito en la estaci\u00f3n master) a trav\u00e9s de paquetes DNP3 manipulados hacia el puerto TCP 20000 y permite a los atacantes f\u00edsicamente pr\u00f3ximos a provocar una denegaci\u00f3n de servicio (bucle infinito en la estaci\u00f3n master) a trav\u00e9s de entrada manipulada en una l\u00ednea serie."
}
],
"id": "CVE-2013-2804",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-28T13:09:15.590",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-234-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.softwaretoolbox.com/app/answers/detail/a_id/3014"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-29 19:15
Modified
2025-02-18 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10 | Third Party Advisory, US Government Resource | |
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-22-1455/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-1455/ | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:industrial_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "864CE1B5-7A33-4BFF-955C-7ACC95670A78",
"versionEndExcluding": "7.612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F1B40A2-8747-42B6-BBBB-A7E805143FC5",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:opc-aggregator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "243853C3-04C4-4FA6-89E4-15A55D00B251",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F732A00C-F341-4048-9FFD-E866A7DE50A3",
"versionEndExcluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4343161-DCB8-4DD3-8EA6-BC8B40FC6103",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1718A22-3F3F-4523-AC36-6408929903AD",
"versionEndExcluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1AD52B-9FB3-4C97-9987-059B398A1794",
"versionEndExcluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411."
}
],
"id": "CVE-2022-2825",
"lastModified": "2025-02-18T17:15:13.183",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-29T19:15:11.610",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1455/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}