CVE-2020-27267 - OpenCVE

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ptc	Opc-aggregator Thingworx Kepware Server Thingworx Industrial Connectivity Kepware Kepserverex
Softwaretoolbox	Top Server
Ge	Industrial Gateway Server
Rockwellautomation	Kepserver Enterprise

Configuration 1 [-]

OR	cpe:2.3:a:ge:industrial_gateway_server:7.66:::::::*
	cpe:2.3:a:ge:industrial_gateway_server:7.68.804:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.0:::::::*
	cpe:2.3:a:ptc:kepware_kepserverex:6.9:::::::*
	cpe:2.3:a:ptc:opc-aggregator:-:::::::*
	cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.8:::::::*
	cpe:2.3:a:ptc:thingworx_kepware_server:6.9:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:::::::*
	cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:::::::*
	cpe:2.3:a:softwaretoolbox:top_server::::::::

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-01-13T23:25:07

Updated: 2021-01-13T23:25:07

Reserved: 2020-10-19T00:00:00

Link: CVE-2020-27267

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-01-14T00:15:13.510

Modified: 2021-01-21T16:16:31.057

Link: CVE-2020-27267

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "PTC Kepware KEPServerEX", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.0 to v6.9"}]}, {"product": "ThingWorx Kepware Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.8 and v6.9"}]}, {"product": "ThingWorx Industrial Connectivity", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "OPC-Aggregator", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "Rockwell Automation KEPServer Enterprise", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "GE Digital Industrial Gateway Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v7.68.804"}, {"status": "affected", "version": "v7.66"}]}, {"product": "Software Toolbox TOP Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "All 6.x versions"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "USE AFTER FREE CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-13T23:25:07", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-27267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PTC Kepware KEPServerEX", "version": {"version_data": [{"version_value": "v6.0 to v6.9"}]}}, {"product_name": "ThingWorx Kepware Server", "version": {"version_data": [{"version_value": "v6.8 and v6.9"}]}}, {"product_name": "ThingWorx Industrial Connectivity", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "OPC-Aggregator", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "Rockwell Automation KEPServer Enterprise", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "GE Digital Industrial Gateway Server", "version": {"version_data": [{"version_value": "v7.68.804"}, {"version_value": "v7.66"}]}}, {"product_name": "Software Toolbox TOP Server", "version": {"version_data": [{"version_value": "All 6.x versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE AFTER FREE CWE-416"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-27267", "datePublished": "2021-01-13T23:25:07", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2021-01-13T23:25:07", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*", "matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*", "matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*", "matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*", "matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473", "vulnerable": true}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE", "versionEndIncluding": "6.9", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data."}, {"lang": "es", "value": "KEPServerEX versiones v6.0 hasta v6.9, ThingWorx Kepware Server versiones v6.8 y v6.9, ThingWorx Industrial Connectivity (todas las versiones), OPC-Aggregator (todas las versiones), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server versiones v7.68.804 y v7.66, y Software Toolbox TOP Server, todas las versiones 6.x, son vulnerables a un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria. Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y potencialmente filtrar datos"}], "id": "CVE-2020-27267", "lastModified": "2021-01-21T16:16:31.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-14T00:15:13.510", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}