PT-2022-4525 · Ptc+1 · Ptc Opc-Aggregator+4
Sharon Brizinov +2 · Published 2022-08-30 · Updated 2025-02-18 · CVE-2022-2825
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Kepware KEPServerEX version 6.11.718.0
ThingWorx Kepware Server (affected versions not specified)
ThingWorx Industrial Connectivity (affected versions not specified)
ThingWorx Kepware Edge (affected versions not specified)
PTC OPC-Aggregator (affected versions not specified)
Description
The vulnerability is a stack-based buffer overflow that allows remote attackers to execute arbitrary code on affected installations. The flaw exists in the handling of text encoding conversions: the length of user-supplied data is not properly validated before the data is copied to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Authentication is not required to exploit this vulnerability.
Recommendations
For Kepware KEPServerEX version 6.11.718.0, update to a version that fixes the stack-based buffer overflow issue.
For ThingWorx Kepware Server, ThingWorx Industrial Connectivity, ThingWorx Kepware Edge, and PTC OPC-Aggregator, there is currently no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Affected Products
Kepserverex
Ptc Opc-Aggregator
Thingworx Industrial Connectivity
Thingworx Kepware Edge
Thingworx Kepware Server