CVE-2020-27267: Use After Free
First published: Wed Jan 13 2021(Updated: )
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PTC KEPServerEX: v6.0 to v6.9 | ||
| PTC ThingWorx Kepware Server | =6.8 and v6.9 | |
| PTC ThingWorx Industrial Connectivity | ||
| PTC OPC-Aggregator | ||
| Ge Industrial Gateway Server | =7.66 | |
| Ge Industrial Gateway Server | =7.68.804 | |
| PTC Kepware KEPServerEX | =6.0 | |
| PTC Kepware KEPServerEX | =6.9 | |
| PTC OPC-Aggregator | ||
| PTC ThingWorx Industrial Connectivity | ||
| PTC ThingWorx Kepware Server | =6.8 | |
| PTC ThingWorx Kepware Server | =6.9 | |
| Rockwellautomation Kepserver Enterprise | =6.6.504.0 | |
| Rockwellautomation Kepserver Enterprise | =6.9.572.0 | |
| Softwaretoolbox Top Server | >=6.0<=6.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-27267?
CVE-2020-27267 is a vulnerability in KEPServerEX and related software that allows remote attackers to execute arbitrary code or cause a denial-of-service condition.
Which software versions are affected by CVE-2020-27267?
KEPServerEX versions 6.0 to 6.9, ThingWorx Kepware Server versions 6.8 and 6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server versions 7.66 and 7.68.804, and Software Toolbox TOP Server versions 6.x are affected.
What is the severity of CVE-2020-27267?
CVE-2020-27267 has a severity rating of 9.1 (critical).
How can CVE-2020-27267 be exploited?
CVE-2020-27267 can be exploited by remote attackers who send specially crafted packets to the affected software, allowing them to execute arbitrary code or cause a denial-of-service condition.
Is there a fix available for CVE-2020-27267?
Yes, patches and updates have been released by the relevant software vendors to address the CVE-2020-27267 vulnerability. It is recommended to update to the latest patched version of the affected software.
- agent/type
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ptc
- canonical/ptc kepserverex: v6.0 to v6.9
- canonical/ptc thingworx kepware server
- version/ptc thingworx kepware server/6.8 and v6.9
- canonical/ptc thingworx industrial connectivity
- canonical/ptc opc-aggregator
- vendor/ge
- canonical/ge industrial gateway server
- version/ge industrial gateway server/7.66
- version/ge industrial gateway server/7.68.804
- canonical/ptc kepware kepserverex
- version/ptc kepware kepserverex/6.0
- version/ptc kepware kepserverex/6.9
- version/ptc thingworx kepware server/6.8
- version/ptc thingworx kepware server/6.9
- vendor/rockwellautomation
- canonical/rockwellautomation kepserver enterprise
- version/rockwellautomation kepserver enterprise/6.6.504.0
- version/rockwellautomation kepserver enterprise/6.9.572.0
- vendor/softwaretoolbox
- canonical/softwaretoolbox top server
- version/softwaretoolbox top server/6.0
- version/softwaretoolbox top server/6.9