CVE-2020-27265 - Vulnerability Details

Vendors	Products
Ge	Industrial Gateway Server
Ptc	Kepware Kepserverex Opc-aggregator Thingworx Industrial Connectivity Thingworx Kepware Server
Rockwellautomation	Kepserver Enterprise
Softwaretoolbox	Top Server

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "PTC Kepware KEPServerEX;  ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "v6.0 to v6.9"}, {"status": "affected", "version": "v6.8 and v6.9"}, {"status": "affected", "version": "All versions"}, {"status": "affected", "version": "v7.68.804, v7.66"}, {"status": "affected", "version": "All 6.x versions"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-13T23:33:45", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-27265", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PTC Kepware KEPServerEX;  ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server", "version": {"version_data": [{"version_value": "v6.0 to v6.9"}, {"version_value": "v6.8 and v6.9"}, {"version_value": "All versions"}, {"version_value": "All versions"}, {"version_value": "All versions"}, {"version_value": "v7.68.804, v7.66"}, {"version_value": "All 6.x versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.330Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-27265", "datePublished": "2021-01-13T23:33:45", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2024-08-04T16:11:36.330Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : v6.0 to v6.9 (string)

}

1 : { »

status : affected (string)

version : v6.8 and v6.9 (string)

}

2 : { »

status : affected (string)

version : All versions (string)

}

3 : { »

status : affected (string)

version : v7.68.804, v7.66 (string)

}

4 : { »

status : affected (string)

version : All 6.x versions (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-121 (string)

description : STACK-BASED BUFFER OVERFLOW CWE-121 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-01-13T23:33:45 (string)

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : ics-cert@hq.dhs.gov (string)

ID : CVE-2020-27265 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : PTC Kepware KEPServerEX; ThingWorx Industrial Connectivity; OPC-Aggregator; Rockwell Automation KEPServer Enterprise; GE Digital Industrial Gateway Server; Software Toolbox TOP Server (string)

version : { »

version_data : [ »

0 : { »

version_value : v6.0 to v6.9 (string)

}

1 : { »

version_value : v6.8 and v6.9 (string)

}

2 : { »

version_value : All versions (string)

}

3 : { »

version_value : All versions (string)

}

4 : { »

version_value : All versions (string)

}

5 : { »

version_value : v7.68.804, v7.66 (string)

}

6 : { »

version_value : All 6.x versions (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : STACK-BASED BUFFER OVERFLOW CWE-121 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

refsource : MISC (string)

url : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T16:11:36.330Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

assignerShortName : icscert (string)

cveId : CVE-2020-27265 (string)

datePublished : 2021-01-13T23:33:45 (string)

dateReserved : 2020-10-19T00:00:00 (string)

dateUpdated : 2024-08-04T16:11:36.330Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:*", "matchCriteriaId": "E5AEAC75-5E69-4C49-8D57-35401400C9D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:*", "matchCriteriaId": "906B1D62-7656-457E-B528-B0407C9D0BA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6994DBB6-BA65-4E47-B0E4-42310120FC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "FC1720A3-85F1-4A85-B226-1CCBB34FCAAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8F46490-09F7-488A-B1EB-2286BFA0F882", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:*", "matchCriteriaId": "D01A814D-8F2B-4B88-A66B-F2A2C293A6AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:*", "matchCriteriaId": "2DE510A4-1D91-447E-BF61-6CDFDFF82796", "vulnerable": true}, {"criteria": "cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F16FBD0-8841-4E42-8FE6-796F7B4E5C16", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FFA2B21-E36C-41CE-B633-B831C6D42962", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:*", "matchCriteriaId": "BACC2F09-9EC8-420A-B499-BF7CD737A473", "vulnerable": true}, {"criteria": "cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "95B527BB-A27F-4080-8BBB-3FCA2408B7AE", "versionEndIncluding": "6.9", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code."}, {"lang": "es", "value": "KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x, son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria.&#xa0;Abrir un mensaje OPC UA espec\u00edficamente dise\u00f1ado podr\u00eda permitir a un atacante bloquear el servidor y ejecutar c\u00f3digo de remotamente"}], "id": "CVE-2020-27265", "lastModified": "2024-11-21T05:20:58.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-14T00:15:13.417", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ge:industrial_gateway_server:7.66:*:*:*:*:*:*:* (string)

matchCriteriaId : E5AEAC75-5E69-4C49-8D57-35401400C9D2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ge:industrial_gateway_server:7.68.804:*:*:*:*:*:*:* (string)

matchCriteriaId : 906B1D62-7656-457E-B528-B0407C9D0BA4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ptc:kepware_kepserverex:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6994DBB6-BA65-4E47-B0E4-42310120FC04 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ptc:kepware_kepserverex:6.9:*:*:*:*:*:*:* (string)

matchCriteriaId : FC1720A3-85F1-4A85-B226-1CCBB34FCAAC (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ptc:opc-aggregator:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D8F46490-09F7-488A-B1EB-2286BFA0F882 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ptc:thingworx_industrial_connectivity:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D01A814D-8F2B-4B88-A66B-F2A2C293A6AB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ptc:thingworx_kepware_server:6.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 2DE510A4-1D91-447E-BF61-6CDFDFF82796 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ptc:thingworx_kepware_server:6.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F16FBD0-8841-4E42-8FE6-796F7B4E5C16 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.6.504.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6FFA2B21-E36C-41CE-B633-B831C6D42962 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:rockwellautomation:kepserver_enterprise:6.9.572.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BACC2F09-9EC8-420A-B499-BF7CD737A473 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:softwaretoolbox:top_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 95B527BB-A27F-4080-8BBB-3FCA2408B7AE (string)

versionEndIncluding : 6.9 (string)

versionStartIncluding : 6.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. (string)

}

1 : { »

lang : es (string)

value : KEPServerEX: versiones v6.0 hasta v6.9, ThingWorx Kepware Server: versiones v6.8 y v6.9, ThingWorx Industrial Connectivity: Todas las versiones, OPC-Aggregator: Todas las versiones, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: versiones v7.68.804 y v7.66, Software Toolbox TOP Server: Todas las versiones 6.x, son vulnerables a un desbordamiento de búfer en la región stack de la memoria. Abrir un mensaje OPC UA específicamente diseñado podría permitir a un atacante bloquear el servidor y ejecutar código de remotamente (string)

}

]

id : CVE-2020-27265 (string)

lastModified : 2024-11-21T05:20:58.083 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-01-14T00:15:13.417 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-121 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object