CVE-2020-27265 - OpenCVE

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ptc	Opc-aggregator Thingworx Kepware Server Thingworx Industrial Connectivity Kepware Kepserverex
Softwaretoolbox	Top Server
Ge	Industrial Gateway Server
Rockwellautomation	Kepserver Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:ge:industrial_gateway_server:7.66:::::::*
	cpe:2.3:a:ge:industrial_gateway_server:7.68.804:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.0:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.9:::::::*
	cpe:2.3:a:ptc:opc-aggregator:-:::::::*
	cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.8:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.9:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:::::::*
	cpe:2.3:a:softwaretoolbox:top_server::::::::

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-01-13T23:33:45

Updated: 2021-01-13T23:33:45

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27265

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-14T00:15:13.417

Modified: 2021-01-21T16:20:52.077

Link: CVE-2020-27265

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.0 to v6.9"}, {"status": "affected", "version": "v6.8 and v6.9"}, {"status": "affected", "version": "All versions"}, {"status": "affected", "version": "v7.68.804, v7.66"}, {"status": "affected", "version": "All 6.x versions"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-13T23:33:45", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-27265", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server", "version": {"version_data": [{"version_value": "v6.0 to v6.9"}, {"version_value": "v6.8 and v6.9"}, {"version_value": "All versions"}, {"version_value": "All versions"}, {"version_value": "All versions"}, {"version_value": "v7.68.804, v7.66"}, {"version_value": "All 6.x versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-27265", "datePublished": "2021-01-13T23:33:45", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2021-01-13T23:33:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*", "matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*", "matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*", "matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*", "matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473", "vulnerable": true}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE", "versionEndIncluding": "6.9", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}, {"lang": "es", "value": "KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x, son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y ejecutar c\u00f3digo de remotamente"}], "id": "CVE-2020-27265", "lastModified": "2021-01-21T16:20:52.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-14T00:15:13.417", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}