{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27263",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "PTC Kepware KEPServerEX",
"version": {
"version_data": [
{
"version_value": "v6.0 to v6.9"
}
]
}
},
{
"product_name": "ThingWorx Kepware Server",
"version": {
"version_data": [
{
"version_value": "v6.8 and v6.9"
}
]
}
},
{
"product_name": "ThingWorx Industrial Connectivity",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "OPC-Aggregator",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Rockwell Automation KEPServer Enterprise",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "GE Digital Industrial Gateway Server",
"version": {
"version_data": [
{
"version_value": "v7.68.804"
},
{
"version_value": "v7.66"
}
]
}
},
{
"product_name": "Software Toolbox TOP Server",
"version": {
"version_data": [
{
"version_value": "All 6.x versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-352-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise: All versions, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specially crafted OPC UA message could allow an attacker to crash the server and potentially leak data."
}
]
}
}