CVE-2020-27263 - OpenCVE

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ptc	Opc-aggregator Thingworx Kepware Server Thingworx Industrial Connectivity Kepware Kepserverex
Softwaretoolbox	Top Server
Ge	Industrial Gateway Server
Rockwellautomation	Kepserver Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:ge:industrial_gateway_server:7.66:::::::*
	cpe:2.3:a:ge:industrial_gateway_server:7.68.804:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.0:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.9:::::::*
	cpe:2.3:a:ptc:opc-aggregator:-:::::::*
	cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.8:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.9:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:::::::*
	cpe:2.3:a:softwaretoolbox:top_server::::::::

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-01-13T23:30:08

Updated: 2021-01-13T23:30:08

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27263

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-14T00:15:13.353

Modified: 2021-01-21T16:10:30.217

Link: CVE-2020-27263

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PTC Kepware KEPServerEX", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.0 to v6.9"}]}, {"product": "ThingWorx Kepware Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.8 and v6.9"}]}, {"product": "ThingWorx Industrial Connectivity", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "OPC-Aggregator", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "Rockwell Automation KEPServer Enterprise", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "GE Digital Industrial Gateway Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v7.68.804"}, {"status": "affected", "version": "v7.66"}]}, {"product": "Software Toolbox TOP Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "All 6.x versions"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-13T23:30:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-27263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PTC Kepware KEPServerEX", "version": {"version_data": [{"version_value": "v6.0 to v6.9"}]}}, {"product_name": "ThingWorx Kepware Server", "version": {"version_data": [{"version_value": "v6.8 and v6.9"}]}}, {"product_name": "ThingWorx Industrial Connectivity", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "OPC-Aggregator", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "Rockwell Automation KEPServer Enterprise", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "GE Digital Industrial Gateway Server", "version": {"version_data": [{"version_value": "v7.68.804"}, {"version_value": "v7.66"}]}}, {"product_name": "Software Toolbox TOP Server", "version": {"version_data": [{"version_value": "All 6.x versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-27263", "datePublished": "2021-01-13T23:30:08", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2021-01-13T23:30:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*", "matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*", "matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*", "matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*", "matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473", "vulnerable": true}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE", "versionEndIncluding": "6.9", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}, {"lang": "es", "value": "KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria. Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y potencialmente filtrar datos"}], "id": "CVE-2020-27263", "lastModified": "2021-01-21T16:10:30.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-14T00:15:13.353", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}