Published: 14/01/2021 Updated: 21/01/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an malicious user to crash the server and remotely execute code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ge industrial gateway server 7.66
ge industrial gateway server 7.68.804
ptc kepware kepserverex 6.0
ptc kepware kepserverex 6.9
ptc opc-aggregator -
ptc thingworx industrial connectivity -
ptc thingworx kepware server 6.8
ptc thingworx kepware server 6.9
rockwellautomation kepserver enterprise 6.6.504.0
rockwellautomation kepserver enterprise 6.9.572.0
softwaretoolbox top server

CWE-787 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-27265

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect