Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Thingworx_industrial_connectivity
(Ptc)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2022-2848 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | Industrial_gateway_server, Kepware_kepserverex, Opc\-Aggregator, Thingworx_industrial_connectivity, Thingworx_kepware_edge, Thingworx_kepware_server, Kepserver_enterprise, Top_server | 9.1 | ||
| 2023-03-29 | CVE-2022-2825 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411. | Industrial_gateway_server, Kepware_kepserverex, Opc\-Aggregator, Thingworx_industrial_connectivity, Thingworx_kepware_edge, Thingworx_kepware_server, Kepserver_enterprise, Top_server | 9.8 | ||
| 2021-01-14 | CVE-2020-27263 | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | Industrial_gateway_server, Kepware_kepserverex, Opc\-Aggregator, Thingworx_industrial_connectivity, Thingworx_kepware_server, Kepserver_enterprise, Top_server | 9.1 |