PT-2020-6948
Published: 2020-12-17 · Updated: 2021-01-21
CVE-2020-27265
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KEPServerEX versions 6.0 through 6.9
ThingWorx Kepware Server versions 6.8 through 6.9
ThingWorx Industrial Connectivity versions prior to a fixed version
OPC-Aggregator versions prior to a fixed version
Rockwell Automation KEPServer Enterprise versions prior to a fixed version
GE Digital Industrial Gateway Server versions 7.66 through 7.68.804
Software Toolbox TOP Server versions 6.x
Description
The vulnerability is a buffer overflow in memory in the handling of OPC UA messages. A remote attacker who sends a specially crafted OPC UA message could execute arbitrary code on the affected server or cause a denial of service.
Recommendations
For KEPServerEX versions 6.0 through 6.9, update to a version that includes the fix for the buffer overflow issue.
For ThingWorx Kepware Server versions 6.8 through 6.9, update to a version that includes the fix for the buffer overflow issue.
For ThingWorx Industrial Connectivity, OPC-Aggregator, and Rockwell Automation KEPServer Enterprise, update to a version that includes the fix for the buffer overflow issue, as all versions prior to the fixed version are affected.
For GE Digital Industrial Gateway Server versions 7.66 through 7.68.804, update to a version that includes the fix for the buffer overflow issue.
For Software Toolbox TOP Server versions 6.x, update to a version that includes the fix for the buffer overflow issue, as all 6.x versions are vulnerable.
Fix
Memory Corruption
Stack Overflow
Related Identifiers
Affected Products
GE Digital Industrial Gateway Server
KEPServerEX
Rockwell Automation KEPServer Enterprise
TOP Server
ThingWorx Industrial Connectivity
ThingWorx Kepware Server