Article - CS375312

Security vulnerability identified in PTC Kepware Products

Modified: 04-Nov-2022   


Applies To

  • KEPServerEX 5.20.396.0 to 6.11
  • ThingWorx Kepware Server 8.0 to 6.11
  • ThingWorx Kepware Edge 1.0 to 1.4
Applies To
The following products are affected by the vulnerabilities found in PTC Kepware Products, a connectivity platform:
  • ThingWorx Industrial Connectivity: All versions
  • OPC-Aggregator: v6.11 or lower
The following products also may have a vulnerable component:
  • Rockwell Automation KEPServer Enterprise: v6.11 or lower
  • GE Digital Industrial Gateway Server: v7.611 or lower
  • Software Toolbox TOP Server: v6.11 or lower

Description

  • CISA Advisory: Click here
  • CVSS 3.1 Score: 9.1 Critical
  • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • CWE: heap-based buffer overflow CWE-122
  • Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and potentially leak data
  • Common Vulnerabilities and Exposures: CVE-2022-2848 has been assigned to this vulnerability
  • Researcher Attribution: Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research working with Trend Micro’s Zero Day Initiative
  • CVSS 3.1 Score: 9.8 Critical
  • CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CWE: stack-based buffer overflow CWE-121
  • Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and remotely execute code
  • Common Vulnerabilities and Exposures: CVE-2022-2825 has been assigned to this vulnerability
  • Researcher Attribution: Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research working with Trend Micro’s Zero Day Initiative 
  • Customers that have turned off the OPC UA interface are not vulnerable
    • It is important to note that this interface is on by default after install
    • To disable the interface please follow the steps in CS336588
This is a printer-friendly version of Article 375312 and may be out of date. For the latest version click CS375312