CVE-2020-27265

Published: 14/01/2021 Updated: 21/01/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an malicious user to crash the server and remotely execute code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ptc opc-aggregator -
ptc thingworx industrial connectivity -
ptc thingworx kepware server 6.8
ptc thingworx kepware server 6.9
ptc kepware kepserverex 6.0
ptc kepware kepserverex 6.9
ge industrial gateway server 7.68.804
ge industrial gateway server 7.66
rockwellautomation kepserver enterprise 6.6.504.0
softwaretoolbox top server
rockwellautomation kepserver enterprise 6.9.572.0

CWE-787 https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-27265

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect