Lucene search

[email protected]CVE-2020-27263

HistoryJan 14, 2021 - 12:15 a.m.

CVE-2020-27263

2021-01-1400:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2020-27263

kepserverex

thingworx kepware server

industrial connectivity

opc-aggregator

rockwell automation

kepserver enterprise

ge digital

industrial gateway server

software toolbox

top server

buffer overflow

security vulnerability

opc ua

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

CPENameOperatorVersion
ptc:opc-aggregatorptc opc-aggregatoreq-
ptc:thingworx_industrial_connectivityptc thingworx industrial connectivityeq-
ptc:thingworx_kepware_serverptc thingworx kepware servereq6.8
ptc:thingworx_kepware_serverptc thingworx kepware servereq6.9
ptc:kepware_kepserverexptc kepware kepserverexeq6.0
ptc:kepware_kepserverexptc kepware kepserverexeq6.9
ge:industrial_gateway_serverge industrial gateway servereq7.68.804
ge:industrial_gateway_serverge industrial gateway servereq7.66
rockwellautomation:kepserver_enterpriserockwellautomation kepserver enterpriseeq6.6.504.0
softwaretoolbox:top_serversoftwaretoolbox top serverle6.9

CPE	Name	Operator	Version
ptc:opc-aggregator	ptc opc-aggregator	eq	-
ptc:thingworx_industrial_connectivity	ptc thingworx industrial connectivity	eq	-
ptc:thingworx_kepware_server	ptc thingworx kepware server	eq	6.8
ptc:thingworx_kepware_server	ptc thingworx kepware server	eq	6.9
ptc:kepware_kepserverex	ptc kepware kepserverex	eq	6.0
ptc:kepware_kepserverex	ptc kepware kepserverex	eq	6.9
ge:industrial_gateway_server	ge industrial gateway server	eq	7.68.804
ge:industrial_gateway_server	ge industrial gateway server	eq	7.66
rockwellautomation:kepserver_enterprise	rockwellautomation kepserver enterprise	eq	6.6.504.0
softwaretoolbox:top_server	softwaretoolbox top server	le	6.9

Rows per page:

1-10 of 111

References

us-cert.cisa.gov/ics/advisories/icsa-20-352-02

Social References

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

Related for CVE-2020-27263

cvelist1 nessus3 prion1 ics1