KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Industrial_gateway_server | Ge | 7.66 (including) | 7.66 (including) |
| Industrial_gateway_server | Ge | 7.68.804 (including) | 7.68.804 (including) |
| Kepware_kepserverex | Ptc | 6.0 (including) | 6.0 (including) |
| Kepware_kepserverex | Ptc | 6.9 (including) | 6.9 (including) |
| Opc-aggregator | Ptc | - (including) | - (including) |
| Thingworx_industrial_connectivity | Ptc | - (including) | - (including) |
| Thingworx_kepware_server | Ptc | 6.8 (including) | 6.8 (including) |
| Thingworx_kepware_server | Ptc | 6.9 (including) | 6.9 (including) |
| Kepserver_enterprise | Rockwellautomation | 6.6.504.0 (including) | 6.6.504.0 (including) |
| Kepserver_enterprise | Rockwellautomation | 6.9.572.0 (including) | 6.9.572.0 (including) |
| Top_server | Softwaretoolbox | 6.0 (including) | 6.9 (including) |