CVE-2020-27265

2021-01-1323:33:45

CWE-121

icscert

www.cve.org

9.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

CNA Affected

[
  {
    "product": "PTC Kepware KEPServerEX;  ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v6.0 to v6.9"
      },
      {
        "status": "affected",
        "version": "v6.8 and v6.9"
      },
      {
        "status": "affected",
        "version": "All versions"
      },
      {
        "status": "affected",
        "version": "v7.68.804, v7.66"
      },
      {
        "status": "affected",
        "version": "All 6.x versions"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-20-352-02