ID

VAR-202101-0382


CVE

CVE-2020-27267


TITLE

plural PTC Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-010092

DESCRIPTION

KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. PTC The following vulnerabilities exist in multiple products provided by the company. ‥ * Stack-based buffer overflow (CWE-121) - CVE-2020-27265 ‥ * Heap-based buffer overflow (CWE-122) - CVE-2020-27263 ‥ * Use of freed memory (use-after-free) (CWE-416) - CVE-2020-27267 ‥ * Inappropriate default permissions (CWE-276) - CVE-2020-13535The expected impact depends on each vulnerability, but it may be affected as follows. Kepware Kepserverex is an application software of American Kepware Company that can communicate with a variety of industrial equipment. The software supports more than 150 communication protocols and supports reliable real-time data for enterprises through a single platform. A security vulnerability exists in PTC Kepware KEPServerEX that could allow a remote attacker to cause the application to crash

Trust: 1.71

sources: NVD: CVE-2020-27267 // JVNDB: JVNDB-2020-010092 // VULHUB: VHN-370757

AFFECTED PRODUCTS

vendor:ptcmodel:thingworx kepware serverscope:eqversion:6.8

Trust: 1.0

vendor:ptcmodel:thingworx industrial connectivityscope:eqversion: -

Trust: 1.0

vendor:gemodel:industrial gateway serverscope:eqversion:7.68.804

Trust: 1.0

vendor:rockwellautomationmodel:kepserver enterprisescope:eqversion:6.6.504.0

Trust: 1.0

vendor:gemodel:industrial gateway serverscope:eqversion:7.66

Trust: 1.0

vendor:ptcmodel:kepware kepserverexscope:eqversion:6.0

Trust: 1.0

vendor:softwaretoolboxmodel:top serverscope:gteversion:6.0

Trust: 1.0

vendor:ptcmodel:opc-aggregatorscope:eqversion: -

Trust: 1.0

vendor:ptcmodel:kepware kepserverexscope:eqversion:6.9

Trust: 1.0

vendor:ptcmodel:thingworx kepware serverscope:eqversion:6.9

Trust: 1.0

vendor:softwaretoolboxmodel:top serverscope:lteversion:6.9

Trust: 1.0

vendor:rockwellautomationmodel:kepserver enterprisescope:eqversion:6.9.572.0

Trust: 1.0

vendor:ge digitalmodel:industrial gateway serverscope:eqversion:version 7.68.804 および version 7.66

Trust: 0.8

vendor:ptcmodel:kepserverexscope:eqversion:version 6.0 から version 6.9

Trust: 0.8

vendor:ptcmodel:kepware linkmasterscope:eqversion:version 3.0.94.0

Trust: 0.8

vendor:ptcmodel:opc-aggregatorscope:eqversion:すべて

Trust: 0.8

vendor:ptcmodel:thingworx industrial connectivityscope:eqversion:すべて

Trust: 0.8

vendor:ptcmodel:thingworx kepware serverscope:eqversion:version 6.8 および version 6.9

Trust: 0.8

vendor:rockwell automationmodel:kepserver enterprisescope: - version: -

Trust: 0.8

vendor:toolboxmodel:top serverscope:eqversion:6系のすべて

Trust: 0.8

sources: JVNDB: JVNDB-2020-010092 // NVD: CVE-2020-27267

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-010092
value: CRITICAL

Trust: 2.4

nvd@nist.gov: CVE-2020-27267
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2020-010092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202012-1299
value: CRITICAL

Trust: 0.6

VULHUB: VHN-370757
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-27267
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-370757
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27267
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-010092
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-010092
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-010092
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-010092
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370757 // JVNDB: JVNDB-2020-010092 // JVNDB: JVNDB-2020-010092 // JVNDB: JVNDB-2020-010092 // JVNDB: JVNDB-2020-010092 // CNNVD: CNNVD-202012-1299 // NVD: CVE-2020-27267

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 0.8

problemtype:CWE-122

Trust: 0.8

problemtype:CWE-276

Trust: 0.8

sources: VULHUB: VHN-370757 // JVNDB: JVNDB-2020-010092 // NVD: CVE-2020-27267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1299

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1299

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010092

PATCH

title:Customer Centerurl:https://digitalsupport.ge.com/communities/cc_login?startURL=%2Fen_US%2FDownload%2FIGS-Industrial-Gateway-Server-v7-xx

Trust: 0.8

title:GE Digital Product Security Advisoryurl:https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA20h0000000dpqCAA%26lang%3Den_US%26Type%3DArticle__kav&entityId=ka20h00000013uHAAQ&field=File_1__Body__s

Trust: 0.8

title:My Kepware Customer Self-Service Portalurl:https://my.kepware.com/s/login/?ec=302&startURL=%2Fs%2F

Trust: 0.8

title:PTC eSupporturl:https://support.ptc.com/appserver/common/login/ssl/login.jsp?dest=%2Fappserver%2Fcs%2Fportal%2F&msg=1

Trust: 0.8

title:Kepserver Enterpriseurl:https://rockwellautomation.custhelp.com/app/products/detail/categoryRecordID/RN_PRODUCT_611/p/611/~/kepserver-enterprise

Trust: 0.8

title:CISA Advisory ICSA-20-352-02 - TOP Server OPC UA Server Interface Vulnerabilityurl:https://support.softwaretoolbox.com/app/answers/detail/a_id/3924

Trust: 0.8

title:Kepware KEPServerEX Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137769

Trust: 0.6

sources: JVNDB: JVNDB-2020-010092 // CNNVD: CNNVD-202012-1299

EXTERNAL IDS

db:NVDid:CVE-2020-27267

Trust: 2.5

db:ICS CERTid:ICSA-20-352-02

Trust: 2.5

db:JVNid:JVNVU98489812

Trust: 0.8

db:ICS CERTid:ICSA-20-352-03

Trust: 0.8

db:JVNDBid:JVNDB-2020-010092

Trust: 0.8

db:CNNVDid:CNNVD-202012-1299

Trust: 0.7

db:AUSCERTid:ESB-2020.4481

Trust: 0.6

db:VULHUBid:VHN-370757

Trust: 0.1

sources: VULHUB: VHN-370757 // JVNDB: JVNDB-2020-010092 // CNNVD: CNNVD-202012-1299 // NVD: CVE-2020-27267

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13535

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27263

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27265

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27267

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-352-03

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98489812

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.4481/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-27267

Trust: 0.6

sources: VULHUB: VHN-370757 // JVNDB: JVNDB-2020-010092 // CNNVD: CNNVD-202012-1299 // NVD: CVE-2020-27267

SOURCES

db:VULHUBid:VHN-370757
db:JVNDBid:JVNDB-2020-010092
db:CNNVDid:CNNVD-202012-1299
db:NVDid:CVE-2020-27267

LAST UPDATE DATE

2024-11-23T22:20:54.634000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-370757date:2021-01-21T00:00:00
db:JVNDBid:JVNDB-2020-010092date:2020-12-21T09:01:13
db:CNNVDid:CNNVD-202012-1299date:2021-01-22T00:00:00
db:NVDid:CVE-2020-27267date:2024-11-21T05:20:58.280

SOURCES RELEASE DATE

db:VULHUBid:VHN-370757date:2021-01-14T00:00:00
db:JVNDBid:JVNDB-2020-010092date:2020-12-21T09:01:13
db:CNNVDid:CNNVD-202012-1299date:2020-12-17T00:00:00
db:NVDid:CVE-2020-27267date:2021-01-14T00:15:13.510