Top Server Security Vulnerabilities and Issues — Top Server CVE List

SoftwaretoolboxTop Server

8 matches found

CVE•added 2021/01/13 11:30 p.m.•97 views

CVE-2020-27263

CVE-2020-27263 is a heap-based buffer overflow affecting Kepware/OPC UA products. The vulnerable set includes KEPServerEX from v6.0 through v6.9, ThingWorx Kepware Server v6.8–v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Ente...

9.1CVSS9.2AI score0.04941EPSS

CVE•added 2021/01/13 11:33 p.m.•83 views

CVE-2020-27265

The CVE-2020-27265 entry corresponds to a stack-based buffer overflow in Kepware products including KEPServerEX (v6.0–6.9), ThingWorx Kepware Server (v6.8–6.9), ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell KEPServer Enterprise, GE Digital Industrial Gateway Server (v7.66, 7.68.804)...

9.8CVSS9.4AI score0.10062EPSS

CVE•added 2021/01/13 11:25 p.m.•74 views

CVE-2020-27267

CVE-2020-27267 affects Kepware/KepServerEX family (KEPServerEX v6.0–v6.9, ThingWorx Kepware Server v6.8–v6.9, ThingWorx Industrial Connectivity, OPC-Aggregator, Rockwell KEPServer Enterprise, GE Industrial Gateway Server v7.66–7.68, Software Toolbox TOP Server 6.x). It is caused by a heap-based b...

9.1CVSS9.2AI score0.04941EPSS

CVE•added 2023/11/30 10:3 p.m.•65 views

CVE-2023-5908

CVE-2023-5908 affects PTC Kepware’s KEPServerEX (and related Kepware products) with a heap-based buffer overflow vulnerability. Affected versions include KEPServerEX v6.14.263.0 and older. The issue could allow an attacker to crash the target or leak information on a network without authenticatio...

9.1CVSS9.4AI score0.00962EPSS

CVE•added 2023/03/29 12:0 a.m.•62 views

CVE-2022-2848

CVE-2022-2848 affects Kepware KEPServerEX 6.11.718.0. A heap-based buffer overflow occurs during handling of text encoding conversions due to improper length validation of user-supplied data, allowing remote code execution in the context of SYSTEM. The vulnerability is network-exploitable with no...

9.1CVSS9.4AI score0.03366EPSS

CVE•added 2023/03/29 12:0 a.m.•58 views

CVE-2022-2825

The CVE-2022-2825 issue affects Kepware KEPServerEX 6.11.718.0, with a stack-based buffer overflow in the handling of text encoding conversions caused by improper validation of the length of user-supplied data. It allows remote attackers to execute arbitrary code with SYSTEM privileges without au...

9.8CVSS9.6AI score0.03402EPSS

CVE•added 2023/11/30 10:5 p.m.•54 views

CVE-2023-5909

CVE-2023-5909 (part of the CTR/KEPServerEX issue set) concerns improper validation of client certificates with host mismatch in PTC’s KEPServerEX ecosystem. Affected products include KEPServerEX and related Kepware/ThingWorx components, with versions up to 6.14.263.0 and prior. The root cause is ...

7.5CVSS7.7AI score0.00442EPSS

CVE•added 2013/08/28 1:0 a.m.•40 views

CVE-2013-2804

CVE-2013-2804 affects Software Toolbox TOP Server DNP Master Driver (OPC Server) on Windows, before version 5.12.140.0. Root cause: improper input validation that allows crafted DNP3 traffic to TCP port 20000 or crafted input over serialization to cause the master to enter an infinite loop and cr...

7.1CVSS6.8AI score0.0126EPSS