Lucene search

IcscertCVE-2020-27267

HistoryJan 14, 2021 - 12:15 a.m.

CVE-2020-27267

2021-01-1400:15:13

CWE-787

CWE-416

icscert

web.nvd.nist.gov

cve-2020-27267

buffer overflow

industrial servers

security vulnerability

opc ua

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.2

Confidence

High

EPSS

0.016

Percentile

87.2%

JSON

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Affected configurations

Nvd

Node

geindustrial_gateway_serverMatch7.66

geindustrial_gateway_serverMatch7.68.804

ptckepware_kepserverexMatch6.0

ptckepware_kepserverexMatch6.9

ptcopc-aggregatorMatch-

ptcthingworx_industrial_connectivityMatch-

ptcthingworx_kepware_serverMatch6.8

ptcthingworx_kepware_serverMatch6.9

rockwellautomationkepserver_enterpriseMatch6.6.504.0

rockwellautomationkepserver_enterpriseMatch6.9.572.0

softwaretoolboxtop_serverRange6.0–6.9

VendorProductVersionCPE
geindustrial_gateway_server7.66cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*
geindustrial_gateway_server7.68.804cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*
ptckepware_kepserverex6.0cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*
ptckepware_kepserverex6.9cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*
ptcopc-aggregator-cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*
ptcthingworx_industrial_connectivity-cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*
ptcthingworx_kepware_server6.8cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*
ptcthingworx_kepware_server6.9cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*
rockwellautomationkepserver_enterprise6.6.504.0cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*
rockwellautomationkepserver_enterprise6.9.572.0cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ge	industrial_gateway_server	7.66	cpe:2.3:a:ge:industrial_gateway_server:7.66:::::::*
ge	industrial_gateway_server	7.68.804	cpe:2.3:a:ge:industrial_gateway_server:7.68.804:::::::*
ptc	kepware_kepserverex	6.0	cpe:2.3:a:ptc:kepware_kepserverex:6.0:::::::*
ptc	kepware_kepserverex	6.9	cpe:2.3:a:ptc:kepware_kepserverex:6.9:::::::*
ptc	opc-aggregator	-	cpe:2.3:a:ptc:opc-aggregator:-:::::::*
ptc	thingworx_industrial_connectivity	-	cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:::::::*
ptc	thingworx_kepware_server	6.8	cpe:2.3:a:ptc:thingworx_kepware_server:6.8:::::::*
ptc	thingworx_kepware_server	6.9	cpe:2.3:a:ptc:thingworx_kepware_server:6.9:::::::*
rockwellautomation	kepserver_enterprise	6.6.504.0	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:::::::*
rockwellautomation	kepserver_enterprise	6.9.572.0	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "PTC Kepware KEPServerEX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v6.0 to v6.9"
      }
    ]
  },
  {
    "product": "ThingWorx Kepware Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v6.8 and v6.9"
      }
    ]
  },
  {
    "product": "ThingWorx Industrial Connectivity",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "OPC-Aggregator",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Rockwell Automation KEPServer Enterprise",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "GE Digital Industrial Gateway Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v7.68.804"
      },
      {
        "status": "affected",
        "version": "v7.66"
      }
    ]
  },
  {
    "product": "Software Toolbox TOP Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All 6.x versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-352-02

Social References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

9.2

Confidence

High

EPSS

0.016

Percentile

87.2%

JSON

Related for CVE-2020-27267