CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
87.2%
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Vendor | Product | Version | CPE |
---|---|---|---|
ge | industrial_gateway_server | 7.66 | cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:* |
ge | industrial_gateway_server | 7.68.804 | cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:* |
ptc | kepware_kepserverex | 6.0 | cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:* |
ptc | kepware_kepserverex | 6.9 | cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:* |
ptc | opc-aggregator | - | cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:* |
ptc | thingworx_industrial_connectivity | - | cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:* |
ptc | thingworx_kepware_server | 6.8 | cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:* |
ptc | thingworx_kepware_server | 6.9 | cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:* |
rockwellautomation | kepserver_enterprise | 6.6.504.0 | cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:* |
rockwellautomation | kepserver_enterprise | 6.9.572.0 | cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:* |
[
{
"product": "PTC Kepware KEPServerEX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.0 to v6.9"
}
]
},
{
"product": "ThingWorx Kepware Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v6.8 and v6.9"
}
]
},
{
"product": "ThingWorx Industrial Connectivity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "OPC-Aggregator",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Rockwell Automation KEPServer Enterprise",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "GE Digital Industrial Gateway Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "v7.68.804"
},
{
"status": "affected",
"version": "v7.66"
}
]
},
{
"product": "Software Toolbox TOP Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All 6.x versions"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
87.2%