Article - CS375312
Security vulnerability identified in PTC Kepware Products
Modified: 04-Nov-2022
Applies To
- KEPServerEX 5.20.396.0 to 6.11
- ThingWorx Kepware Server 8.0 to 6.11
- ThingWorx Kepware Edge 1.0 to 1.4
The following products are affected by the vulnerabilities found in PTC Kepware Products, a connectivity platform:
- ThingWorx Industrial Connectivity: All versions
- OPC-Aggregator: v6.11 or lower
- Rockwell Automation KEPServer Enterprise: v6.11 or lower
- GE Digital Industrial Gateway Server: v7.611 or lower
- Software Toolbox TOP Server: v6.11 or lower
Description
- CISA Advisory: Click here
- CVE-2022-2848
  - CVSS 3.1 Score: 9.1 Critical
  - CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  - CWE: CWE-122 (Heap-based Buffer Overflow)
  - Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and potentially leak data
  - Common Vulnerabilities and Exposures: CVE-2022-2848 has been assigned to this vulnerability
  - Researcher Attribution: Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research working with Trend Micro’s Zero Day Initiative
- CVE-2022-2825
  - CVSS 3.1 Score: 9.8 Critical
  - CVSS 3.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  - CWE: CWE-121 (Stack-based Buffer Overflow)
  - Specifically crafted OPC UA messages transmitted to the server could allow an attacker to crash the server and remotely execute code
  - Common Vulnerabilities and Exposures: CVE-2022-2825 has been assigned to this vulnerability
  - Researcher Attribution: Vera Mens, Uri Katz, Sharon Brizinov of Claroty Research working with Trend Micro’s Zero Day Initiative
- Customers that have turned off the OPC UA interface are not vulnerable
- Note that the OPC UA interface is enabled by default after installation
- To disable the interface, follow the steps in CS336588